Security 2014 and Beyond: An Evolving Threat Environment in a Mobile, Cloud, and Virtual World

Transcription

1 Security 2014 and Beyond: An Evolving Threat Environment in a Mobile, Cloud, and Virtual World December 2013 Joel P. Fishbein, Jr BMO Capital Markets Corp. [email protected] (212) Brett Fodero BMO Capital Markets Corp. [email protected] (212) Refer to pages for Important Disclosures, including Analyst s Certification. For Important Disclosures on the stocks discussed in this report, please go to

2 BMO Capital Markets Table of Contents...5 Security Industry View...6 Key Points...7 Security Market Backdrop: New, More Sophisticated Threats Driving Demand for Better Technologies...11 Cloud-Based Security Is Growing Much Faster Than The Traditional Model...27 Data and Application Protection...30 Cloud Computing Implications for Security...36 Cloud Application Control...37 End Point Security...41 Consumer Market Disrupted by Tablets and Freemium Model...42 Regulation Driving the Need for Compliance Checks...42 Evaluating Vendors Positioning to Benefit From Next-Generation Security...44 M&A Outlook...45 Key Drivers of Investing in Security...48 Summary of Covered Companies...49 Summary of Un-Covered Companies...54 Comparable Analysis of Public Security Companies...61 Key Private Security Companies to Watch...63 Glossary Barracuda Networks Company Overview Balance Sheet and Capital Allocation Current Outlook Valuation Risks Financial Models Check Point Software Market Backdrop Company Background Appliances Blades New Products Balance Sheet and Capital Allocation Current Outlook Valuation Risks Financial Models Imperva Company Overview Balance Sheet and Capital Allocation Current Outlook Valuation Risks Financial Models Qualys Investment Drivers Market Backdrop Company Background Balance Sheet and Capital Allocation Current Outlook Valuation Risks Financial Models Symantec Company Overview Balance Sheet and Capital Allocation Current Outlook Valuation Risks Financial Models A member of BMO Financial Group 3 December 18, 2013

3 BMO Capital Markets A member of BMO Financial Group 4 December 18, 2013

4 Industry Rating: Outperform December 18, 2013 Joel P. Fishbein, Jr BMO Capital Markets Corp. Brett Fodero BMO Capital Markets Corp. Security 2014 and Beyond: An Evolving Threat Environment in a Mobile, Cloud, and Virtual World Despite billions of dollars having been spent over the past decade on stateful firewalls (any firewall that performs stateful packet inspection of network connections) and point solutions complementing them (IPS, web filtering, security web gateways, UTMs, and others), corporate breaches are at elevated levels, in our opinion. Today's cyber threat landscape is highly targeted and focused on acquiring something valuable and vital, such as sensitive personal information, intellectual property, as 95% of organizations are compromised by new sophisticated attacks that blend malicious techniques. These attacks can cost millions of dollars in lost revenue and compromise customer data, intellectual property, business reputation, and overall livelihood. A recurring theme in our conversations with customers, vendors, channel partners, and other industry participants is the need for protecting data regardless of its location and form. As spending on security initiatives remains a top priority with CIOs and CSOs, the key security concerns are securing mobile devices while enabling greater mobility and BYOD, dealing with advanced persistent threats, dealing with identity management, ensuring the security of customer data, and transaction security. Cybersecurity risk has increased significantly with the adoption of initiatives like cloud-based applications, social networking, virtualization, and BYOD, which provide more weaknesses in an organization s network. The corporate challenge is finding a balance between enhancing the productivity of its employees and securing its networks and sensitive data from attack. Today s goal for security vendors is to find known and unknown cyberattacks in real-time across all potential vectors. Summary Cyber crime has surpassed illegal drug trafficking as a criminal moneymaker. Today's cyber threat landscape is highly targeted and focused on acquiring something valuable, such as sensitive personal information, intellectual property, etc., as 95% of organizations are compromised by new sophisticated attacks that blend malicious techniques. Cybersecurity risk has increased significantly with the adoption of initiatives like cloudbased applications, social networking, virtualization, and BYOD, which provide more weaknesses in an organization s network. As spending on security intiaitives remains a top priority with CIO s and CSO s, we are taking a deep dive on each of the underlying markets and identifying the key investment themes and companies as well as identifying the BMO top 50 private security companies to watch. We are initiating on the Security space with Barracuda Networks (Outperform), Checkpoint Software (Market Perform), Imperva (Outperform), Qualys (Market Perform), and Symantec (Market Perform). Page 5 December 18, 2013

5 Security Industry View Despite billions of dollars having been spent over the past decade on stateful firewalls (any firewall that performs stateful packet inspection of network connections) and point solutions complementing them (IPS, web filtering, security web gateways, UTMs, and others), corporate breaches are at elevated levels, in our opinion. Solving the security vulnerability of corporate networks with traditional solutions results in security gaps because those solutions were not designed to address several major recent developments. Bottom line is that traditional network security solutions have insufficient ability to deal with a complex IT environment and a constantly evolving threat environment. Cyber crime has surpassed illegal drug trafficking as a criminal money-maker -- one in five people in the world will become a victim (source: Symantec). Cybercriminals and hackers are expending significant resources to acquire sensitive intellectual property and personal data, causing financial and reputational damage; nation-states are pursuing cyber espionage targeting critical infrastructure grids and highly sensitive information that can threaten national security and launch denial of service attacks. According to Verizon s 2013 Data Breach Investigations Report: 75% of breached were driven by financial motive, 66% of breaches took months to discover, 92% of breaches were perpetrated by outsiders; 14% committed by insiders, 37% of breached affected a financial organization, and 71% of breaches targeted devices Cybersecurity risk has increased significantly with the adoption of initiatives like cloud-based applications, social networking, virtualization, and BYOD, which provide more weaknesses in an organization s network. The corporate challenge is finding a balance between enhancing the productivity of their employees and securing their networks and sensitive data from attack. The security industry and new technologies have evolved as the world moves from detection to prevention, from blocking to trapping (sandboxing), from reactive to proactive. Today s goal for security vendors is to find known and unknown cyber-attacks in real-time across all potential vectors. We are initiating on the Security space with Outperform ratings on Barracuda Networks (CUDA) and Imperva (IMPV), and Market Perform ratings on Checkpoint Software (CHKP), Qualys (QLYS), and Symantec (SYMC). Page 6 December 18, 2013

6 Key Points A recurring theme in our conversations with customers, vendors, channel partners, and other industry participants is the need for protecting data regardless of its location and form. This indicates continued strong spending on security initiatives driven by the coalescence of several factors: A recurring theme is protecting the data regardless of its location and form. Recent growth of advanced persistent threats and data breaches is causing companies to upgrade their security systems. Continuing data center consolidation drives a need for new network security solutions such as high-end IPS and unified threat management (UTM). Growth of rich-media applications is causing a need for next-generation applicationaware network security solutions. Increasingly vulnerable perimeter defenses owing to inadequate existing network security tools are causing a need for next-generation network security solutions. New generation of internet applications are traversing the corporate network. Employees are accessing social and media sites, leaving sensitive and confidential content at risk of leaving the corporate network. Regulatory driven compliance mandates. Regulatory compliance is becoming an increasingly important component of IT, especially since the cost of compliance grows with each new regulation. As a result, compliance is becoming an increasingly hot topic with C-level executives. In the 2012 Gartner CEO Survey, regulatory risk was cited as the No. 1 business risk. With Dodd- Frank, healthcare reform, more stringent privacy rules, and the increasing need to regulate the internet, among other new and upcoming regulations, enterprises will likely turn to compliance standards as never before. This should continue to drive the need for compliance software over the long term. The transition to cloud computing has exposed organizations to additional security vulnerabilities, as has the adoption of other new technologies such as virtualization and mobile computing. This ultimately has expanded the number of endpoints that need to be monitored and managed in order to protect sensitive data and IT assets. In our opinion, legacy solutions, both network and endpoint, have proved to be insufficient. At the same time, we are seeing a significant increase in customer interest in new and improved data protection and nextgeneration technologies. As a result, existing vendors have been scrambling to add new detection and prevention technologies to protect market share and meet customer demand. Strong SaaS and virtual appliances adoption; virtualization is moving a lot faster than virtualization security. We believe that distributed enterprise security has had a natural evolution as a response to the increase in sophistication and scale of the threat environment, IT budget considerations, cost and complexity of previous generations of enterprise security, and most recently virtualization and the rise of cloud computing. Our conversations with customers indicate that while the majority of organizations are virtualizing and server virtualization penetration is well over 50%, only a minority are doing anything about virtual security Gartner estimates that by 2015, 40% of security controls used in enterprise data centers will be virtualized, up from less Page 7 December 18, 2013

7 than 5% in 2010, i.e., virtualization is moving a lot faster than virtualization security. We are seeing strong adoption of virtual appliances. Federal cybersecurity initiatives are an opportunity for many vendors, but budgeting could create near-term risks. We expect cybersecurity to be a major driver in 2014 and beyond, boosted in part by increased government spending. The number of attacks against federal networks has increased at a six-year CAGR of 45% to 48,562 in 2012 from 5,503 in The Obama administration is renewing its focus on cybersecurity, which should drive near-term spending on security at the federal level. We expect multiple vendors to benefit from this increased spending. However, near-term uncertainty to government budgets can be an overhang on some companies that have meaningful revenue coming from this vertical. Security company IPO market remains hot. There has been 12 security related IPO s over the past several years, up significantly versus a handful in previous years, driven by increased venture investment and new opportunities brought on by the increasing threat landscape. These include. Imperva, Proofpoint, Qualys, Palo Alto Networks, FireEye, Barracuda Networks, AVG Technology, and LifeLock. Renewed interest by venture capital. We have seen renewed interest by VCs in the security space to invest in next-generation network and endpoint technologies and increased customer interest in data protection and next-generation technologies. We believe these are opportune times for enterprising smaller and new vendors to gain meaningful market share at the expense of vulnerable incumbents lagging in technology or being acquired by incumbents seeking to fill technology gaps. Consolidation a recurring theme. We expect the consolidation to continue and potentially accelerate as companies look to bolster their security portfolios. M&A volumes have rebounded, driven by increased liquidity positions (equity and debt markets, cash heavy balance sheets) and pent-up demand to make acquisitions that increase growth. Over the next several years, we think it is likely that M&A activity will remain high, especially in the cloud and network-security space. Large-scale consolidation typically happens at the hands of the large players such as Cisco, Intel, IBM, EMC, Dell, Symantec, CA etc., as well as private equity. Additionally, the acquirers of security companies are broad including security, defense, enterprise software, digital media, and communications. Since the beginning of 2010, the average M&A transaction is done at ~3.4x sales. The largest acquisition in several years was Cisco in July buying Sourcefire for $2.8 billion. Sourcefire s FireAMP and FirePOWER network security appliances combine for advanced malware protection (and forensic data capture) on networks and endpoints. Cisco plans to use Sourcefire as an engine to re accelerate its security franchise. Page 8 December 18, 2013

8 Large and Growing Total Addressable Market Security Software makes up ~8% overall enterprise software spending. Gartner projects that by 2017, total security spending (total security spending less security services) will increase to $39.1 billion from $27.7 billion in 2012, representing a five-year CAGR of 7.2%. We expect Enterprise markets (7.7% CAGR through 2017) to outpace Consumer, which is only expected to grow 4.2% over the same time period. Exhibit 1. Security Spending by Segment ($ Millions) CAGR Security Spending by Segment ($, Millions) E 2014E 2015E 2016E 2017E E Identity Access Management 2,658 2,950 3,278 3,618 3,960 4, % Other Identity Access Management ,066 1, % User Provisioning (UP) 1,397 1,549 1,720 1,898 2,089 2, % Web Access Management (WAM) % Infrastructure Protection 12,001 12,887 13,963 15,100 16,298 17, % Data Loss Prevention ,203 1,515 1, % Security Testing (DAST and SAST) % Security Information and Event Management (SIEM) 1,361 1,578 1,808 2,035 2,251 2, % Other Security Software 2,762 3,021 3,273 3,524 3,801 4, % Secure Web Gateway 2,033 2,158 2,327 2,505 2,683 2, % Secure Gateway 1,678 1,725 1,774 1,820 1,857 1, % Endpoint Protection Platform (Enterprise) 3,179 3,191 3,280 3,364 3,443 3, % Network Security Equipment 8,110 8,649 9,256 9,883 10,543 11, % VPN/Firewall Equipment 6,064 6,644 7,322 8,076 8,900 9, % IPS Equipment 1,470 1,524 1,549 1,510 1,418 1, % SSL VPN Equipment % Consumer Security Software 4,892 5,043 5,297 5,557 5,801 6, % Total Security Software 27,661 29,529 31,794 34,158 36,602 39, % Source: BMO Capital Markets estimates; Gartner (October 2013) Traditional enterprise security is a mature market, growing at a low rate because of high penetration. Higher-than-market growth for individual vendors can only come through market share shifts and vendors providing value by combining point products into suites and integrating high-value add functions. The fastest growth areas of security spending are expected to be emerging categories: Identity and Access Management (IAM), Data Loss Prevention (DLP), and Security Testing, albeit off smaller bases. Additionally, we expect Next Generations Firewalls (NGFW) to outpace overall networks security growth, as it cannibalizes spending from existing categories. Page 9 December 18, 2013

9 Exhibit 2. Security Spending by Segment ($, Millions) $7,000 $6,000 $6,064 27% 16% 30.0% 20.0% Market Size ($000), 2012 $5,000 $4,000 $3,000 $2,000 $1,000 10% 10% 12%6% 7% $3,179 2% 2% -3% $2,033 $1,678 $1,470 $1,397 $1,361-22% $634 $576 $573 $ % 0.0% -10.0% -20.0% CAGR $ % Source: BMO Capital Markets; Gartner (October 2013). Select key drivers for current security buyers: Securing mobile devices and enabling mobility, Advanced persistent threats (APT) protection, Securing BYOD and cloud computing environments, and Adding security services to differentiate their IP solution Page 10 December 18, 2013

10 Exhibit 3. Security Consistently a Top 10 Priority for CIOs Source: Gartner. Security Market Backdrop: New, More Sophisticated Threats Driving Demand for Better Technologies Over the past decade, as the Internet has evolved, so too has the extent and scope of cyber threats. As a result, the threat landscape has changed significantly over the past decade in several dimensions, including 1) increased sophistication, maliciousness, and stealth; 2) increased scale and frequency; and 3) the convergence of threats. Advance persistent threats (APTs) are increasingly being used with the goal of achieving ongoing access. Furthermore, new technologies have increased the number of attack vectors, making organizations that much more vulnerable to an attack. More recently, the transition to cloud computing has exposed organizations to additional security vulnerabilities, as has the adoption of other new technologies such as virtualization and mobile computing. This ultimately has expanded the number of endpoints that need to be monitored and managed in order to protect sensitive data and IT assets. Advanced persistent threats (APTs) are increasingly being used to gain access to proprietary and confidential enterprise data with the goal to achieve ongoing access. Advanced persistent threats: Advanced Operators behind the threat have a full spectrum of intelligence-gathering techniques at their disposal and often combine multiple targeting methods, tools, and techniques in order to reach and compromise their target and maintain access to it. Persistent Operators give priority to a specific task, and targeting is conducted through continuous monitoring and interaction in order to achieve the defined objectives. Threat APTs are a threat because they have both capability and intent. The growing threat landscape has been made ever more apparent with the increasing number of high-profile data breaches that have occurred over the past several years. According to Symantec, there was a 42% increase in cyberattacks against US businesses last year, and according to a Page 11 December 18, 2013

11 recent report in the Telegraph, big banks are being hit with cyberattacks every minute of every day. Exhibit 4. Advanced Persistent Threats Source: Dell SecureWorks Within the computer security community, and increasingly within the media, the term is almost always used in reference to a long-term pattern of sophisticated hacking attacks aimed at governments, companies, and political activists, and by extension, to refer to the groups behind these attacks. In our opinion, legacy solutions, both network and endpoint, have proved to be insufficient. At the same time, we are seeing a significant increase in customer interest in new and improved data protection and next-generation technologies. As a result, existing vendors have been scrambling to add new detection and prevention technologies to protect market share and meet customer demand. In 2013, Mandiant presented results of its research on alleged Chinese attacks using APT methodology between 2004 and 2013 that followed similar lifecycle: Page 12 December 18, 2013

12 Initial compromise performed by use of social engineering and spear phishing, over , using zero-day viruses. Another popular infection method was planting malware on a website that the victim employees will be likely to visit. Establish foothold plant remote administration software in victim's network, create network backdoors and tunnels allowing stealth access to its infrastructure. Escalate privileges use exploits and password cracking to acquire administrator privileges over victim's computer and possibly expand it to Windows domain administrator accounts. Internal reconnaissance collect information on surrounding infrastructure, trust relationships, Windows domain structure. Move laterally expand control to other workstations, servers, and infrastructure elements and perform data harvesting on them. Maintain presence ensure continued control over access channels and credentials acquired in previous steps. Complete mission exfiltrate stolen data from victim's network. In incidents analyzed by Mandiant, the average period over which the attackers controlled the victim's network was one year, with the longest being almost five years. The infiltrations were allegedly performed by Shanghai-based Unit of People's Liberation Army, and the Chinese officials have denied any involvement in these attacks. Damballa Failsafe automatically discovers unknown threats, confirms which devices are infected, and stops the threat communications. Its unique ability to rapidly determine which devices are infected enables enterprise IT security teams to focus on active and imminent threats preventing breaches with a robust advanced threat containment capability. The FireEye Threat Prevention Platform combats today's advanced cyberattacks with is patented Multi-Vector Virtual Execution (MVX) engine that provides state-of-the-art, signature-less analysis along with proprietary virtual machines within its core to identify and block cyber attacks that may leverage one or more threat vectors to infect a client (e.g., targeted s with embedded URLs or malicious documents). Network Security: Spending to Remain Strong Through 2017 Our research shows continued strong spending intentions on network security. Gartner estimates that total network security equipment spending will increase 6.6% in 2013 to $8.6 billion, with VPN/firewall equipment making up approximately 75% of the total spend on network security. Spending on firewalls is also expected to be the fastest growing area in network security, growing at an estimated 10% CAGR through Additionally, we expect Next Generations Firewalls (NGFW) to outpace overall networks security growth, as it cannibalizes spending from existing network and infrastructure protection categories. Further, the rise of Next Generation Threat protection focused on APTs is likely to introduce a new market supplementing traditional security network security. Page 13 December 18, 2013

13 Network Security 3.0 As hackers discovered a way to penetrate the network perimeter despite the multiple security point solutions introduced with last generation network security technologies, and as insider threats grew, customers identified the need for deeper protection on all devices within the network. This emphasis on network security is driven by the confluence of several factors, including: Recent growth of advanced persistent threats and data breaches is causing companies to upgrade their security systems. Continuing data center consolidation drives a need for new network security solutions such as high-end IPS and unified threat management (UTM). Growth of media-rich applications is causing a need for next-generation application-aware network security solutions. Increasingly vulnerable perimeter defenses because of inadequate existing network security tools are causing a need for next-generation network security solutions. Service providers are increasing investments to handle Distributed Denial of Service attacks and mobile backhaul issues. Verticals such as retail and healthcare are setting higher security budgets to comply with the Payment Card Industry Data Security Standard and the Health Insurance Portability and Accountability Act, respectively. The financial services industry is increasing spending to reduce latency and minimize security breaches. Moreover, enterprises increasingly allowed employees to connect to the network through their laptops (ex: VPN). And hence, organizations extended their networks to accommodate these tools. As these endpoints roamed outside the network and reconnected, resilient security was needed to protect them. The agents installed on all of the devices within the network (and accessing remotely) needed to be updated regularly by some type of protection network and centralized management (ex: McAfee epo). On top of that, virtualization and the growing prevalence of the cloud have introduced new challenges to overall security. As such, today s network requires in depth defense, where: Perimeter security, such as the traditional firewall/ids/ips, remains at the front line, mainly defending against the outside-in attack attempts to penetrate the first line of defense from outside. Virtual appliances on the virtual network edge handle more granular security rules, especially related to application security and virtual shielding. This not only enhances perimeter security, but also reduces the frequency of changes made to perimeter devices. This layer also provides essential security in case a host security agent is not deployed. Advanced Persistent Threat services that perform automated, real-time analysis, across network traffic to detecting anomalies and stop compromised ports, IP addresses, and protocols. Page 14 December 18, 2013

14 A host-based security agent on each of the hosts dynamically senses and changes the security policy as the computing/workload moves, for example, from inside the corporate network, to roaming outside the corporate network, or to another data center or to the cloud. Next-Generation Network Security The biggest development in network security, in our view, has been the development of nextgeneration security, spearheaded by Palo Alto Network. Next-generation security (NGFW) is the convergence (as opposed to integration, i.e., UTM), of multiple security functions (firewall, IPS, secure Web gateway) on a single-engine appliance. The basis of NGFW is the evolution of firewalls to encompass IPS and secure web gateways. Currently, network security is at a crossroads as once viable solutions are now incapable of stopping the growing tide of data breaches owing to the multitude of vulnerabilities they leave that are taken advantage of by attackers; moreover, the quality and effectiveness of these attacks has increased significantly. Hacking has become a big business, including nation-state cyber wars and corporate espionage. According to a Symantec report published last year, cyber crime costs consumers $110 billion per year and affects 1.5 million people per day. As a result of the growing threat to people and businesses alike, the World Economic Forum named cyber attacks as one of the top five biggest global risks for Cyber criminals target applications' security gaps resulting from traditional IP-based/portbased/allow-block firewall technology, which has not developed much over the last 20 years. Modern applications are increasingly using various techniques like non-standard ports and tunneling to go around port-based firewalls. Attackers today do not go directly after the data center anymore, as all protection tends to be around the data center. They instead exploit vulnerabilities on the user devices. For example, SSL and internet protocol security (IPSec) do not protect the mobile machine when the machine is off the network and goes directly to the internet. Attackers can also penetrate perimeter defenses through applications like Facebook, youtube.com, Twitter, etc. Today, users IP addresses with IPv6 change every hour this has created the need to track the user and not the IP and for an enterprise-wide user management system. A theme that consistently arises during our conversations with industry participants is that regulations are not keeping up with the latest trends. Many we speak with believe that regulations make organizations spend money on compliance and not security, i.e., organizations spend money on outdated technologies like stateful inspection. Page 15 December 18, 2013

15 Exhibit 5. Next-Generation Network Security Positioning Positioning Vendor Legacy Notes Strong Palo Alto Pure play Intelligence Platform with policy based visibility and control is key differentiator Fireeye APT Multi Vector Virtual Execution (MVX) engine differentiation Barracuda Filtering/FW Well positioned to capture share in SMB market CheckPoint FW Small app control traction Fortinet UTM Tough to figure out NGFW traction, claims really fast FW, low presence with LEs Dell/SonicWall FW Making a push with lower end NGFW, traction is unclear Cisco FW Sourcefire acquisition likely to stem recent share losses Juniper FW SRX product line struggling after a strong start McAfee FW/IPS Unclear if McAfee network business strategic to Intel, mass exodus of employees IBM IPS Trying to re invigorate ISS, but seems a long shot HP IPS TippingPoint getting lost inside HP, no NGFW strategy Websense Web filtering Still viewed as a point vendor despite appliance push F5 ADC Nascent security efforts and strategy Weak EMC RSA Authentication Will be making acquisitions in security, but doubtful network security Source: BMO Capital Markets; Gartner. Key Characteristics of Next-Generation Network Security Contextual awareness. Security and networking vendors have been increasingly adopting the idea of contextual awareness, spearheaded by Palo Alto Networks. Contextual awareness refers to the ability to enforce security policies based on application, device type, location, user identity, and other attributes. These attributes broadly fall in three categories: applications, content, and identity. Gartner believes that by 2015, 90% of enterprise security solutions deployed will be context aware and in 2014 around 60% of firewall purchases will be next-generation firewalls. The main drivers of this trend are cloud computing, consumerization of IT, virtualization, and the rapidly changing threat landscape, which all make the traditional static security policy models less and less relevant and effective. Cloud computing trends, for example applications going to the public cloud and SaaS, make granularity vital to ensure that enterprise networks deal with the proper data. As IT loses control and ownership of IT assets and data, more context is needed when a security decision is made. This approach allows for better informed risk-based security decisions. Application-level protection. Next-generation security like Palo Alto Networks securely enables applications like Facebook and Twitter inside the enterprise. It also allows for getting more value out of applications like Sharepoint and Webex. It can be used for granular controls such as providing access to personal by stripping attachments. Palo Alto s application firewall keeps track of 1,000+ applications, classifies unknown traffic and lets administrators decide what to do with it. Processing of encrypted traffic. Palo Alto s technology processes both encrypted and unencrypted traffic. Traditional IPS solutions only do un-encrypted traffic, which leaves wide gaps for encrypted malware. Same level of protection everywhere. This technology provides the same level of protection to all users everywhere whether the headquarters or the branch office. Traditionally, organizations have tended to under-invest in branch offices. Palo Alto Networks creates a virtual private cloud (GlobalProtect) using a small agent on devices whereby devices are logically there, no matter Page 16 December 18, 2013

16 where they are. For off-the-network devices, the agent re-directs traffic to the nearest firewall via SSL VPN. Proactive analysis of network traffic. With a continuous analysis of suspicious code throughout the attack life cycle and blocking of malware communications across multiple threat vectors, next-generation protections can stop advanced malware, zero-day exploits, and advanced persistent threats (APTs) from threatening sensitive data assets. This requires an additional layer of signature less security beyond traditional network technologies. FireEye leads here with its Multi-Vector Virtual Execution (MVX) engine. Surpasses UTMs in terms of performance. Next-generations security is different from UTMs in that UTMs suffer from the quality of their components as they are not as tightly integrated as NGFWs and also provide no or limited application awareness. For example, a UTM s IPS or content filter cannot compete with the point specialist leader. Palo Alto s technology allows for functionality performance to remain constant, in our opinion. According to Check Point, its products see 10%-20% performance degradation for additional functionality, with AV and antispam seeing more degradation, while IPS has smaller degradation. Having said that, we believe UTM vendors will benefit from the buzz created by NGWFs, as the value proposition of both center at least partly on security function consolidation. Traditional vendors start from a core product like a firewall and add on another security blade like IPS. The next-generation security is a device that extends the network security from web and to the network. Migration to both a newer firewall or a next-generation firewall are difficult; however, nextgeneration technology is far more advanced and Palo Alto is seeing great traction. Around 25% of Palo Alto's business is driven by the data center, and the recently launched big PA-5000 should expand Palo Alto s presence there. Comprehensive scanning. Today organizations run traffic through anti-malware, IPS, DLP, content filtering, while next-generation network security does the same at the firewall level. URL filtering is deterministic, going after known malware. Reputation services produce a score used to determine which traffic needs to be scanned. Palo Alto s technology, however, scans everything all the time. Botnets, DDOS, and advanced persistent threats explore unknown vulnerabilities or exploit social networking. There is need for more signature-less, behavior detection to detect unknown threats we expect this area will grow significantly in the coming years. The role of signatures will likely decrease, but we believe they will be around for a while as a necessary but ancillary defense. Page 17 December 18, 2013

17 Exhibit 6. Pros and Cons of the Different Approaches to Next Generation Security Network Security Model PROS CONS Companies NGFW Improved application visibility and control Possible performance issues, according to Gartner, for customers Palo Alto Protection against threats, vulnerabilities, data leakage, abusive use, that deploy advanced NGFW policies on high speed heterogeneous traffic and targeted malware in real time NGFW might not compete well with small businesses where UTM High performance and low latency might be a better solution Simplified security infrastructure and lower TCO Deployment flexibility for any point in the network Legacy Firewall Familiar, simple to understand technology Not designed to deal with Web 2.0 social media, SaaS, and other CheckPoint productivity enhancing applications Cisco Does not work with non standard applications Juniper If the initial packets are allowed to pass, subsequent associated SonicWALL packets are not inspected because they are assumed to be safe Stateful inspection helpers Complements to capabilities of stateful firewalls Introduces additional complexity and cost BlueCoat Deep specialization in one security function can provide effective Offers only partial visibility and control HP Tipping Point security Lack of integration IBM ISS Can introduce significant network latency Sourcefire Often relies on disparate malware signature libraries and policies Websense UTM Addresses the complexity and cost issues of operating distinct helper Relies on stateful inspection technology preventing it from scanning Fortinet technologies all traffic and providing native application and user visibility Reduces network security complexity and cost by consolidating Performance can decline dramatically as additional security functions security functions into one product are turned on Application Control Blade Very cheap add on to legacy firewalls Identify appls only after the traffic is passed through the FW, carrying CheckPoint Does not rip and replace existing legacy firewall infrastructure the limitations of stateful inspection Traffic will no longer be identified after allowed or blocked Sequential traffic scan requires more processing power Can't look for apps on non standard ports Does not scan all traffic for applications Source: BMO Capital Markets; Company documents. Next-Generation Network Security Market Sizing Next-generation firewall (NGFW) is the convergence (as opposed to integration, i.e., UTM), of multiple security functions (firewall, intrusion prevention systems, secure Web gateway) on a single-engine appliance. The basis of NGFW is the evolution of firewalls to encompass IPS and secure web gateways. Gartner believes that by 2015, 90% of enterprise security solutions deployed will be context aware and that while less than 10% of internet connections today are secured using NGFWs, by year-end 2014 that will rise to 35% of the installed base, with 60% of new purchases being NGFWs. NGFWs can be used to meet the needs of 90% of most IPS use cases and that by 2015, more than 50% of IPS deployments will be part of an NGFW. According to Gartner, NGFWs that have secure web gateway capabilities will be used by less than 30% of the large enterprise market, and that outside of the small or midsize business (SMB)/unified threat management (UTM) area, NGFW and SWG markets will not converge before Page 18 December 18, 2013

18 Exhibit 7. Next Generation Firewall Market Sizing ($M) E 2014E 2015E 2016E 2017E CAGR (08 14) CAGR (12 17) Source/assumptions/notes Firewall/SSL VPN equipment $6,639 $7,125 $7,707 $8,373 $9,124 $9,933 3% 11% Gartner (September 2013) % NGFW 15% 35% 50% 60% 70% 78% 2014 Gartner assumption, rest BMO NGFW $996 $2,494 $3,854 $5,024 $6,387 $7,748 82% 67% IPS Equipment $1,470 $1,524 $1,549 $1,510 $1,418 $1,288 5% 3% Gartner (September 2013) % subsumed by NGFW 15% 30% 45% 55% 60% 63% BMO assumptions; 2015 >50% according to Gartner Delivered by NGFW $221 $457 $697 $830 $851 $811 84% 38% Secure Web Gateway (SWG) $1,383 $1,452 $1,536 $1,628 $1,717 $1,799 BMO est ; Gartner Secure Web Gateway: appliance $650 $706 $791 $877 $966 $1,056 BMO est ; Gartner Total $2,033 $2,158 $2,327 $2,505 $2,683 $2,855 8% 9% Gartner (September 2013) % subsumed by NGFW 5% 10% 15% 25% 38% 45% BMO assumptions; impact on SMBs in near term Delivered by NGFW $102 $216 $349 $626 $1,020 $1,285 59% 89% according to Gartner Total FW+IPS+SWG $10,142 $10,807 $11,583 $12,387 $13,226 $14,076 4% 9% % NGFW 13% 29% 42% 52% 62% 70% Total NGFW $1,318 $3,167 $4,900 $6,480 $8,258 $9,844 79% 65% Source: BMO Capital Markets estimates; Gartner. Within the NGFW market, Cisco held the largest share by our estimates with ~19% of the total market at the end of However, that declined from ~22% in As we mentioned above, we believe the Check Point, Cisco/Sourcefire, Fortinet, and Palo Alto will likely continue to benefit from the growing next-generation security market, which will likely be at the expense of incumbents that have not updated their security offerings at the same pace, like Cisco and Juniper. Cisco should benefit from its recent acquisition of Sourcefire pending a successful integration. (see exhibit below) Exhibit 8.NGFW Market Share ( ) ($M) Share Share Share Cisco 21.9% 19.1% 19.2% CheckPoint 11.5% 12.5% 12.6% Juniper Networks 9.6% 8.6% 7.8% McAfee 5.5% 4.7% 4.7% Fortinet 3.6% 4.1% 4.5% BlueCoat 4.0% 4.1% 4.2% Websense 3.9% 4.0% 3.7% IBM 2.5% 2.6% 2.2% Palo Alto Networks 1.0% 1.9% 3.2% SonicWALL 2.0% 2.2% 1.7% HP 1.7% 2.2% 2.2% WatchGuard Technologies 1.5% 1.6% 1.5% Sourcefire 0.8% 1.0% 1.3% Others 30.4% 31.4% 31.4% Total 100% 100% 100% Source: BMO Capital Markets; Gartner Palo Alto Networks next-generation firewalls enforce network security policies based on applications, users, and content. Palo Alto Networks is redefining the network security market as legacy providers are unable to deal with a complex IT environment and a constantly evolving threat environment. The Check Point next generation firewall extends the power of the firewall beyond stopping unauthorized access by adding IPS and application control protections. Next generation firewalls come in many sizes and offer throughput of up to 110Gbps. Page 19 December 18, 2013

19 Dell SonicWALL next-generation firewalls use the SonicOS Platform, and deliver gateway protection, inspection for SSL encrypted sessions, and granular application intelligence and control. With Dell SonicWALL Next-Gen Firewalls, IT can visualize applications running across a network allocating bandwidth for what s essential and limiting or blocking what s not. The Barracuda NG Firewall is an enterprise-grade next-generation firewall. User identity and application awareness are used to select the best network path, traffic priority, and available bandwidth for business-critical traffic. Barracuda NG Firewall Vx is a virtual appliance providing, comprehensive features, and ease-of-use found in the Barracuda NG Firewall appliance. The Barracuda NG Firewall Vx integrates a comprehensive set of next-generation firewall technologies, including Layer 7 Application Control, availability, and traffic flow optimization across the wide area network, web filtering, antivirus, anti-spam, and network access control enforcement. Exhibit 9. Gartner Magic Quadrant for Enterprise Network Firewalls Source: Gartner Page 20 December 18, 2013

20 Intrusion Prevention (IPS): Convergence Taking Place Between Firewall and IPS Dedicated IPS network security devices have traditionally focused on identifying and blocking threats targeted at specific applications and systems. IPS is evolving to incorporate other functionality (virtualization, application-awareness, client protection), and is increasingly sharing more traffic data with firewalls and other security functions. IPS continues to be driven by compliance. Mimicking the evolution of next-generation firewalls, IPS solutions are becoming application aware, and vendors are adding detectors for applications and HTTP services, providing visibility and ability to connect user and data policy. First-generation firewall technologies, however, are becoming less effective as web/cloud architectures introduce new components that are making protocol-based policy enforcement less effective. Next-generation firewalls (NGFW) are a natural evolution of the two technologies, providing an integrated network platform that performs deep inspection of traffic and blocking of attacks. A NGFW would provide a firewall rule to block certain internet traffic based on IPS inspection of sites, while at the same time being aware that certain application components may still be in compliance. An example of this would include allowing a collaboration application to run, but eliminating a peer-to-peer file sharing component. This convergence is, in turn, taking spending from the primary IPS market and driving into the firewall market. This year, spending on IPS appliances is expected to decelerate to 3.6% y/y growth and begin to decline by 2015 with a CAGR of -2.6% through Purely looking at intrusion prevention systems, McAfee and Sourcefire are the clear leaders when it comes to their solutions. Sourcefire has IPS appliances that can provide up to 40 Gpbs throughput and virtual IPS is available for VMware, Red Hat, and Xen platforms. The company is transitioning into offering a more complete NGFW solution with its FirePower hardware and is currently seeing good traction around that product. Page 21 December 18, 2013

21 Exhibit 10. Gartner Magic Quadrant for Intrusion Prevention Systems Source: Gartner We believe that the standalone IPS market has largely been absorbed by legacy and next generation firewall vendors. In July 2013, Sourcefire, a world leader in IPS and next-generation network security, was acquired by Cisco to create one of the most comprehensive advanced threat protection portfolios, as well as a broad set of enforcement and remediation options available in the market. Secure Web Gateway: Convergence Taking Place With the Firewall Secure web gateways protect employees surfing the Web by providing URL blocking, inbound malware detection and blocking, application control, and related Web security services. The market is still dominated by on-premises (85%) solutions, but SWG-as-a-service is growing rapidly (26% in 2013E). Secure web gateway solutions protect web-surfing PCs from infection and enforce company policies. A secure web gateway is a solution that filters unwanted software/malware from userinitiated web/internet traffic and enforces corporate and regulatory policy compliance. These gateways must, at a minimum, include URL filtering, malicious-code detection and filtering, and application controls for popular web-based applications. Page 22 December 18, 2013

22 Overall, the secure web gateway market is one of the fastest growing subsectors within the security industry. This year, spending on SWG is expected to increase 7.1% y/y to $2.1 billion. By 2017, spending on SWG is expected to reach $2.9 billion representing a five-year CAGR ( ) of 7.0%. The market has bifurcated into Enterprises and SMBs: Enterprise SWG standalone through Large-enterprise solutions provide protection against more advanced security threats, and some include the capability to detect targeted threats. Gartner believes that most large organizations will require separate firewall and SWG solutions through 2014, as more advanced attacks will mandate specialized security products. SMB SWG SMB solutions are optimized for ease of use and cost-effectiveness and provide security protection against basic threats. Within the SMB segment, standalone SWGas-a-service and UTM appliances are common forms of delivery. SWG-as-a-service enables better protection of mobile employees by proxying all internet access through cloud-based filtering services, and penetration is expected to increase to 28% by Consolidation by traditional appliance vendors has also been a recurring theme. Cisco acquired market leader ScanSafe, Barracuda Networks acquired Purewire. Symantec acquired MessageLabs, McAfee acquired MX Logic, and Google acquired Postini. Websense, now offering hosted web security, has been acquired by Vista Equity Partners. Page 23 December 18, 2013

23 Exhibit 11. Gartner Magic Quadrant for Secure Web Gateways Source: Gartner Some of the more interesting independent solutions are: Barracuda web filter lets organizations benefit from online applications and tools without exposure to web-borne malware and viruses, lost user productivity, and misused bandwidth. As a comprehensive solution for web security and management, it unites award-winning spyware, malware, and virus protection with a powerful policy and reporting engine. Blue Coat Secure Web Gateway Virtual Appliance (SWG VA) combines the marketleading security capabilities of Blue Coat ProxySG with the flexibility of virtualization to provide a cost-effective enterprise branch office solution. Proofpoint Enterprise Protection (patented MLX Threat Classification Engine) provides security threat classification and security management solution against phish, virus, spam s, and other borne malware. zscaler, launched in August 2008, is already considered the most visionary SWG vendor. Its as-a-services (direct-to-cloud) offering is +50% less expensive than competitive Page 24 December 18, 2013

24 appliances and offers lower latency, resulting in competitive displacements versus onpremise market leaders. Security Market Overview: Mature and Saturated as a Standalone The security market is very mature, and buying activity is limited to organizations that are replacing aging appliances or are at contract termination. The total market was an estimated $1.7 billion in 2012, and is estimated to grow at a 2.3% CAGR through, owing to market saturation, increased bundling/suite deals and intense competition among market leaders. Global spam volumes declined again slightly in 2012, shifting to other mediums such as social networks, but spam represents as much as 69% of . Basic spam and virus detection effectiveness is 99% or more for almost all the vendors, and targeted phishing detection, outbound inspection, encryption, and delivery form factor are the major differentiators. Appliances and security-as-a-service are the most popular, but the availability of hybrid (combination of on-premises and as-a-service) and virtual appliances is increasing. antivirus services were the first adopted security-as-a-service offering because many companies already used third-party services, and these services can tolerate latency and can be largely self-administered via a web interface. Market penetration for as-a-service delivery is expected to increase from 40% in 2011 to 53% in Page 25 December 18, 2013

25 Exhibit 12. Gartner Magic Quadrant for Secure Gateways Source: Gartner Some of the more interesting independent solutions are: Barracuda Spam Firewall manages all inbound and outbound traffic to protect organizations from -borne threats and data leaks. As a complete management solution, organizations can encrypt messages and leverage the cloud to spool if mail servers become unavailable. Proofpoint Enterprise Protection provides security threat classification and security management solution against phish, virus, spam s, and other borne malware. Backed by the patented MLX Threat Classification Engine, enterprise s are classified based on the level of security threat to an organization and managed accordingly, whether it is valid , nuisance spam, or malicious, low-volume phishing attacks. Page 26 December 18, 2013

26 Cloud-Based Security Is Growing Much Faster Than The Traditional Model With cloud-based security IT buyers can leverage cloud infrastructure and a shared services delivery model to reduce costs, improve time-to-deployment, and reduce maintenance requirements, amongst other benefits. As a result, cloud security growth is exceeding the traditional model and is expected to do so for the foreseeable future. According to Gartner, the cloud-based security market was approximately $1.7 billion in 2012, and is expected reach $4.1 billion by 2017, representing a CAGR of 19.6% over a five-year period. Exhibit 13. Cloud-Based Security Services Market by Segment ($ in millions) Security Spending by Segment ($, Millions) E 2014E 2015E 2016E 2017E 5 YR CAGR Security Information Event Management % Identity and Access Management ,050 1, % Other Cloud Based Security Services % Secure Web Gateway % Remote Vulnerability Assessment % Secure Gateway , % Total Cloud Based Security Services 1,689 2,130 2,638 3,170 3,657 4, % Gartner (October 2013) Source: Gartner; BMO Capital Markets That said, it s important to note that security-as-a-service adoption will likely vary within the security disciplines; it s hard to imagine firewalls moving to the cloud given the criticality of the security. Cloud-based security is primed to benefit from the ongoing move to service-oriented architectures. Page 27 December 18, 2013

27 Exhibit 14. Cloud-Based Security Adoption Source: Gartner; BMO Capital Markets We cover the two highest penetration cloud-based security services secure and web gateways - in the network security section above and delve into several other higher growth areas identity and access management, remote vulnerability management and emerging - encryption below. Cloud Identity and Access Management Identity as a Service (IDaaS) is an authentication infrastructure that is built, hosted and managed by a third-party service provider. IDaaS can be thought of as single sign-on (SSO) for the cloud. Today, IAM stands at $350 million but is expected to see growth to $1.24 billion in 2017, for a total 28.8% CAGR, according to Gartner. Along with other services, identity and access management applications are being moved to the cloud, which the industry refers to as identity and access management as a service (IDaaS) or multifunction identity as a service. An IDaaS for the enterprise is typically purchased as a Page 28 December 18, 2013

28 subscription-based managed service. A cloud service provider may also host applications for a fee and provide subscribers with role-based access to specific applications or even entire virtualized desktops through a secure portal. Cloud-based IAM can be used to manage software-as-a-service (SaaS) applications and internal applications as well. Vendors include Centrify, Mycroft, Okta, OneLogIn, Ping Identity, CA, RSA, Symantec, and Symplified. Okta is an enterprise grade identity management service, built from the ground up in the cloud. With Okta, IT can manage access across any application, person, or device, whether the people are employees, partners or customers or the applications are in the cloud, on premises or on a mobile device. Ping Identity s PingOne offers secure single sign-on for your employees from any device and gives IT one dashboard to manage user access for all applications. Symplified is a comprehensive cloud identity solution that enables IT and security organizations to simplify user access to applications, regain visibility and control over usage, and meet security and compliance requirements. Symplified s Single Sign-On securely connects users to applications, whether the apps are in the cloud or behind the firewall. Centrify provides Unified Identity Services across data center, cloud and mobile resulting in one single login for users and one unified identity infrastructure for IT. The Centrify User Suite, SaaS Edition (Centrify for SaaS), halts password sprawl with single sign-on, giving organizations centralized control over access to ever-increasing numbers of SaaS applications. CA Technologies offers a cloud-based IAM solution as a hosted cloud service that provides capabilities for centrally managing access and identities for cloud-based services and on-premise applications. Its cloud security product suite consists of CA CloudMinder Identity Management, CA CloudMinder SSO, and CA CloudMinder Advanced Authentication. Cloud Vulnerability Management Vulnerability management automates network auditing and vulnerability management, including network discovery and mapping, asset management, vulnerability reporting, and remediation tracking. Today, cloud vulnerability management stands at $100 million, but is expected to see growth to $250 million in 2017, for a total 20.1% CAGR, according to Gartner. Vendors include Beyond Security, BeyondTrust/eEye Crital Watch, Digital Security, IBM, McAfee, Qualys, Rapid 7, Saint, Trustwave, and Tenable Network Security. Cloud-Based Encryption Services Is Another New Area of Growth Cloud-based encryption services allows security controls including encryption, tokenization, cloud data loss prevention, cloud malware detection, and activity monitoring, which are historically complex to deploy and traditionally on premise. Cloud-based encryption enables organizations to securely adopt cloud applications by overcoming data privacy, residency, security, and regulatory compliance risks. Page 29 December 18, 2013

29 Vendors include Proofpoint, Concealium, CipherCloud, CloudCrypt, RSA, SafeNet, Sophos, Symantec, Voltage Security, and Vormetric. Data and Application Protection Data protection and the cloud: is the cloud safe? One of the major concerns of adopting cloud computing, regardless of the layer (IaaS, PaaS, SaaS), is the security of the data in the cloud. This comes in several forms: physical security of the data, the integrity of the data, ability to access, controlled access, etc. There are, generally speaking, two schools of thought on this issue: the first one states that critical data should not be put in the cloud, and the second states that data in the cloud is at least as secure, if not more so, than in the internal data center. We tend to agree with the latter, at least with regard to the SaaS layer and in the long term, even though we realize that in reality many will choose to keep critical data in-house. The SaaS layer is mature and this issue has been worked out. Our agreement with the second school of thought is based on the experience of the hugely successful on-demand CRM and ERP vendors (Salesforce.com and NetSuite respectively). Their existence hinges on ensuring that data are safe and accessible, and we believe that the secure multi-tenant architectures they and other SaaS providers employ have already been proven, as evidenced by thousands of customers. This is further corroborated by the growing adoption of the SaaS delivery model for all types of applications whether they are mission critical or not. Page 30 December 18, 2013

30 Exhibit 15. The Key to Cloud Adoption Is Ensuring Trust and Data Protection Threats and Data Breaches Data Protection Data Classification IAM Authentication DLP data-at-rest and data-inmotion Single Sign-On Standards Data protection remediation Data encryption Enterprise DRM Identity federation Application whitelisting/ blacklisting Cloud APIs IaaS Cybersecurity Compliance Mobile Proliferation SaaS Transaction Security Secure website certification SSL certificates Digital signatures PCI Compliance Web Fraud Detection TRUST Security Management Configuration and change management Patch management SIEM Vulnerability management Automation and lifecycle management Advanced Persistent Threats Regulations Cloud SPs PaaS Social Networking Source: BMO Capital Markets The key to cloud adoption is ensuring trust and data protection. The cloud introduces new complexity to enterprise security. Moreover, the majority of malware nowadays is designed to steal data. As a result, vendors and customers are increasingly focused on establishing trust in the cloud and ensuring data protection, which we believe can be grounded on a set of four key technologies: data protection, identity and access management (IAM), transaction security, and security management. Multiple surveys indicate that organizations plan to spend more on data security, and identity and access management. We expect that, over time, these technologies will begin to converge because of both natural fit and the need to simplify management of multiple products. These technologies operate in a rapidly changing environment, which includes forces such as data breaches, social networking, mobile proliferation, regulations, emerging cloud standards, and many others. Data Protection Traditional security defenses are not designed to tackle data loss from internal sources, but are built to protect the perimeter of a network; DLP products help provide comprehensive protection. DLP products include functionality to classify data, monitor content, detect violations, keep critical data from leaving the perimeter, and lock in data (remediation) when violations occur. Page 31 December 18, 2013

31 DLP components include data-in-motion ( and attachments), data-at-rest, and end-points. DLP requires extensive data classification efforts, limiting initial adoption with large enterprises. It is consumed either as part of a broader security solution set or as a standalone enterprise solution. Broader security offerings Many secure gateway service providers, along with other traditional perimeter solution providers, are incorporating basic as well as advanced DLP capabilities natively within their offerings. Gartner projects that~70% of organizations may be able to deploy good enough DLP capabilities. Enterprise solution This is full-featured content-aware DLP, with a centralized management console for policy definition and event workflow. The majority of large enterprises purchase at least two of the three primary channels (network, endpoint, and discovery) in an initial purchase, but few deploy all three simultaneously. According to Gartner, ~40% of enterprises led their DLP deployments with network requirements, ~40% started with endpoint requirements, and 20% began with discovery requirements. Enterprises that began with network or endpoint capabilities nearly always deploy data discovery functions next. Besides internal threats, DLP is driven by government and industry regulations that require companies to safeguard the integrity of personal information (customers and employees) and the company s digital assets, risk management, and data discovery. The DLP market has been shaped through acquisitions [Symantec (Vontu), McAfee (Onigma, Reconnex), Sophos (Utimaco), CA (Orchestria), and others], and evolved from endpoint products to context aware functions, and the integration of identity awareness in traditional DLP products. Symantec DLP (Vontu) is the No. 1 overall enterprise DLP vendor. RSA offers DLP, data protection, and fraud prevention. As another way to prevent data leaks, some vendors are beginning to use digital rights management (DRM) and, specifically, embedding access rights into the metadata carried with a piece of data. In the case of cloud computing, once data are separated from a physical location, security issues arise because of the lack of a defined boundary. Further, owing to the nature of shared cloud services, data are constantly moving, requiring the use of data-in-transit as well as data-at-rest security measures. Therefore, by protecting both in-transit and at-rest data, encryption becomes a necessary component for any cloud computing service. In many cases unencrypted data residing in the cloud are considered lost by customers. More important, compromised data that are encrypted do not need to be reported for regulatory purposes, in some cases. The bigger endpoint encryption vendors have been acquired: McAfee bought SafeBoot, Symantec bought PGP and Guardian Edge, and Check Point bought PointSec. Symantec has a comprehensive strategy here. DLP and encryption provides visibility into who owns the data, and Symantec offers three differentiated technologies vector machine learning (AI-based technology on figuring out sensitive information), Data Insight version 2 (monitoring specific information), and application file access control. Data Insight keeps track of who created the data, tracks that data from the moment it was created, and offers granular views into the data. Data Insight is integrated with the Symantec Data Management solutions, spanning both security and storage. Page 32 December 18, 2013

32 Identity and Access Management (IAM) IAM will play a big role in cloud security, we believe, as securing user and virtual machine identities across on-premises and cloud environments is crucial. Business trends like moving to the cloud, proliferation of mobile devices (BYOD), social networking, and big data are revolutionizing the way employees, customers, consumers, and partners access applications and information. In addition organizations are making applications and access to data available anytime, anywhere, and from any device. The critical aspect of enterprise security and risk management is guarding the critical assets of the organization and trying to make employees more productive. Setting policies that create rules are no longer enough. Of the IAM sub-markets, some are mature (authentication, user provisioning, web access management, enterprise single sign-on), while others that will play important roles in securing identities and sensitive information in a cloud computing world are nascent (identity federation). CA and RSA have strong footholds in the mature areas of the market with many start-ups (as mentions above) are attaching the cloud IAM market. Security information management/security event management (SIM/SEM) and IAM are complementary, and we expect vendors to increasingly offer both (SIEM), given that while the former can be narrow in focus, user activity monitoring by IAM solutions is broad in scope. Similarly, content-aware DLP is complementary to IAM, as managing sensitive data in the cloud goes hand in hand with user identities. Whitelisting is complementary to access management as it provides a granular control over the type of software users can download according to a company s policies. Transaction Security As the cloud necessitates the constant movement of data, it is important that the parties involved trust the identity of the counter-party and the security of the data. Digital certificate signatures attached to the data will be a key tool in ascertaining the integrity of data, which are validated by a third party such as Symantec. Website security and privacy seals like Qualys SECURE Seal, McAfee Secure and the Symantec Trust Seal and PCI compliance solutions help keep ecommerce safe and establish trust from consumers and businesses transacting on the web. Cloud providers are beginning to use certificates to establish trust in their services. The PCI Security Standards Council states that any virtual machine that handles, stores, or transmits cardholder data must be governed by the PCI DSS. Vendors, like DocuSign, offer trusted transaction management solutions for esignatures. Web fraud detection (WFD) helps an organization detect and prevent fraud that occurs over the web and mobile channel. Innovation is taking place at a rapid pace here as mediums change and processes like geolocation are incorporated. Trusteeers acquisition by IBM recently validated this market. Security Management Over the past couple of years, there has been a trend toward the merging of security and some aspects of management related to security (i.e., Symantec, Trend Micro, McAfee, EMC RSA, and Check Point). Page 33 December 18, 2013

33 The need for security management stems partly from the fact that much vulnerability are designed to exploit known but un-patched systems, highlighting the importance of security integrations with operations management tools such as asset discovery, operating system, and application configuration management, patch management, directory integration, and software distribution to manage distributed endpoints. Asset discovery can help correlate software inventory with the vulnerability and available patches, while configuration management identifies out-of-compliance endpoints. Intelligence from vulnerability management and SIEM tools can feed into operations management and incident response systems this is a new and growing trend. A natural convergence between vulnerability management and patch management can close the loop from intelligence on possible security gaps and automating the closing of those gaps. Automation and lifecycle management will be increasingly important because of the tremendous increase in the number of endpoint devices and the need for simplified and consistent management. Application and Data Center Security New application delivery models (SaaS, PaaS), the explosion of big data, the increasing complexity of IT networks (IaaS, Virtualization), and the increasing prevalence of mobile usage in the workplace are posing new security risks. Further exacerbating the issue, application security technology has not kept pace with these new technologies. This has led to an increasing number of attacks that have originated from within the firewall (i.e., the enterprises own employees). As a result, application security is increasingly being adopted as a separate discipline (outside of network security, data security, etc.) with its own technologies, processes, and dedicated personnel. Web Application Firewalls Market Overview: Specialized Firewalls That Protect Specific Applications or Services Web application firewalls (WAF) inspect the contents of the application layer of IP packets, protecting websites from threats not picked up by traditional network firewalls, including by patching Web applications. WAFs sit between a web application and the client end-point. WAFs come in several form factors (software, hardware, appliance, servers) and can be standalone device or integrated with other network components such as firewalls, proxies, load balancers, and others. Demand for WAFs is being primarily driven by regulations such as PCI compliance, HIPAA/HITECH Act Compliance, the Sarbanes-Oxley Act, and now the potential regulations created from the President s recent executive order on cybersecurity. The WAF market is a very early stage market generating what we expect is under $500 million. The largest verticals for WAFs are e-commerce and retail. Web application firewall vendors include Imperva, F5 Networks, Barracuda Networks, Trustwave, Bee Ware, Citrix, Deny All, and Riverbed. Page 34 December 18, 2013

34 Exhibit 16.WAF Provider Deployment Options Source: Gartner Competitive Landscape: Web Application Firewall Market, Worldwide, 2012 June 29, 2012 As we can see in the exhibit above, only 3 out of the 8 vendors shown offer some kind of solution as a service. However, similar to application testing, increasingly vendors will offer WAF-as-aservice to remain relevant especially in the SMB space where cost considerations can make a serious impact on purchasing decisions. Qualys has a WAS-as-a-service product in beta. Database Activity Monitoring (DAM): Compliance a Major Driver The database activity monitoring market (DAM) is rapidly evolving (5%-20% penetrated), with many vendors moving away from point-only solutions. The DAM market is now widelyrecognized as an important enterprise technology because it provides specialized event collection and analysis capabilities for security management and reporting. Compliance remains the largest driver of DAM adoption. It is important to note that, while the DAM technology has historically been offered as a point solution, there are different approaches to deploying the technology and consolidation in the space has been taking place (i.e., IBM acquiring Guardium, Oracle buying Secerno). Imperva is now one of the only independent DAM vendors in the market. Because the market is still in early stages (between 5% and 20% penetrated), it is difficult to predict which one of these approaches will win, but Imperva s integrated approach is compelling, in our view. There are five emerging approaches to DAM (listed in order of most mature to least mature). Gartner recommends to customers to use either DAM, SIEM, or DLP depending on the situation, with DAM recommended to address database vulnerabilities, database audits, and granular monitoring. With so much of the data breaches coming from database intrusions, it is our view that the market is moving toward comprehensive DAM solutions, while it is difficult to apply SIEM and DLP to database security issues. Data and information governance: comprehensive integration of database and data security as part of enterprise information management (example: IBM Guardium). Page 35 December 18, 2013

35 Enterprise data security: protection of structured and unstructured data throughout data s lifecycle (example: Imperva and IBM Netezza s discontinued Mantra product). Database security management: focus on relational database management system with expansion to vulnerability management, change and configuration management (example Application Security). Enterprise security monitoring: move by SIEM, DLP, and UTM vendors into some aspects of DAM technology, either licensed or internally developed. Stand-alone DAM: DAM-only technology with impetus stemming from legal and regulatory requirements, but is the least mature approach, and Gartner expects this approach to decline. Application Security Testing: Moving to Cloud Security Traditional application security emerged in the early 2000s with static application security testing (SAST) and dynamic application security testing (DAST). Today, Gartner estimates that 20% and 60% of all enterprises use those two technologies, respectively. Those respective percentages are expected to increase to 50% and 80% by The market is expected to grow at a 15.6% CAGR through 2017 to $857 million, according to Gartner. SAST is designed to test the application for vulnerabilities when that application is not running. Alternatively, DAST is designed to detect vulnerabilities in an application while it is running. Importantly, SAST solutions are often used in tandem with DAST solutions because each technology can find vulnerabilities that the other cannot. In these two markets, HP and IBM are the clear leaders, although market share data is seldom available. In 2007, HP entered the DAST market by acquiring SPI Dynamics and entered the SAST market with its 2010 acquisition of Fortify. IBM entered the DAST market with its 2007 acquisition of Watchfire. Other players include Cenzic, NT OBJECTives, Veracode, WhiteHat Security, Acunetix, and Quotium Technologies amongst others. As more and more enterprises become comfortable with security-as-a-service, we believe application testing will be one of the main security solutions to move to the cloud, driven by the clear cost benefits and the fact that it is a less critical solution when compared with firewalls, IPS, and anti-malware solutions. This is being supported by the success of Qualys recently introduced web application scanning product. Cloud Computing Implications for Security As organizations move to the cloud in a variety of different service models (SaaS, PaaS, IaaS) and deployment models (private, public, hybrid). There are a number of security issues/concerns associated with cloud computing. As this shift happens, the provider must ensure that its infrastructure is secure and that its clients data and applications are protected while the customer must ensure that the provider has taken the proper security measures to protect its information. Page 36 December 18, 2013

36 In cloud computing, the security implications are very different from those prevailing in physical data centers, as cloud providers become key partners in providing security as data and applications are dispersed between on-premises and the private and public clouds. Normally, there is a direct relationship between the service levels offered by a cloud provider and the security that is integrated into the service. On the IaaS layer, cloud providers may deliver raw compute and other resources, but burden the customer with application security. On the SaaS layer, the secure application is delivered and managed by the SaaS provider. Other security issues that arise in cloud computing environments, according to Trend Micro, fall into two groups: virtual machine centric and cloud computing centric. Virtual machine centric issues include: Dynamic virtual machines: as we discussed in the previous section, maintaining consistent security across VMs and physical machines is critical. Vulnerability exploits and VM-to-VM attacks: co-location of multiple VMs increases the attack surface and VM-level IDS/IPS are needed to detect malicious activity at the VM level. Securing dormant or offline VMs: anti-malware scanning agents cannot be run on dormant or offline VMs and cloud providers need to be able to secure both. Data integrity in shared environments: The majority of data breaches result from hacking or intrusions, and shared cloud environments present a bigger attack surface; monitoring of data on shared infrastructure and OS and application files and activities is needed to ensure data are not tampered with. Encryption and data protection: PCI, HIPAA, and other regulations include requirements for the use of encryption to protect critical information to achieve compliance in the case of data breaches; the shared nature of the cloud amplifies these requirements. Patch management: It can become confusing as to who is to provide patch management services when enterprises use application templates provided by cloud vendors; examining the SLAs is key and virtual patching should be considered. Policy and compliance: Enterprises need to prove that compliance with security requirements (PCI, HIPAA, others) is met regardless of where IT systems are located (on-premises physical, on-premises virtual, VMs running in the public cloud). Perimeter protection and zoning: The traditional firewall cannot extend to the cloud; thus zones of trust in the cloud and self-defending VMs are needed. Rogue corporate resources: Eager to adopt the cloud, some organizations or users can be reckless in putting critical data and resource on the cloud too early as corporate cloud policies are still nonexistent or in the works. The bottom line is that, in cloud computing, the traditional security and compliance models need to be mapped to cloud computing, while filling any gaps arising from the move to cloud computing. Page 37 December 18, 2013

37 Cloud Application Control Secure cloud applications and social media control is becoming a top priority of IT organizations as core business functions like sales, marketing automation, HR and accounting move to the cloud. As cloud applications continue to become more mainstream, managing which employees have access and controlling privileges such as the ability to download or write to these applications is critical. Zscaler gives IT organizations immediate, clear visibility into which cloud applications are being used throughout the enterprise. Unlike traditional solutions that block applications altogether, Zscaler offers granular, flexible, and comprehensive policy-based controls by: Application, department, user, or location. Action, such as the ability to view social networking sites, but not post to them, and Time and volume quotas. Who s Responsible for Security in the Cloud? One of the main hindrances in the adoption of cloud computing is the notion of who controls the security of my data? In evaluating cloud computing as an alternative to traditional IT, organizations have to be mindful of where security responsibilities lie, and to what extent they are willing to sacrifice flexibility versus security. Different delivery methods (SaaS, PaaS, and IaaS) require different amounts of security to be taken on by the provider. As you move up the stack (IaaS, SaaS), more security responsibility is taken on by the provider; however, this could come at the expense of some flexibility as the provider standardizes. In the SaaS layer, SLAs, security, governance, compliance, and liability of the provider/service are contractually spelled out, adhered to, and enforced. The exhibits below highlight the level of responsibility shared between the customer and the provider for different delivery methods. SaaS provides a large amount of integrated features and more security built into the offering, thus reducing its openness and flexibility, while IaaS provides few features and functionality and no security beyond the underlying infrastructure, making it flexible, but increasing consumers security requirements as features and functionality are extended from the infrastructure. Cloud deployment options not only require that a distinction be made between the physical location of the underlying infrastructure, but also between who is consuming the service and who is responsible for the data. The difference between trusted (internal) and untrusted (external) users also determines the level of an organization s responsibility for underlying security. The bottom line is that portions of the cost savings gained through cloud computing need to be invested into additional security measures: 1) to ensure that cloud service providers are taking the necessary steps to protect data, ensure their information security systems are responsive to customer requirements, and meet individuals legal and compliance requirements; and 2) for consumers to implement cloud services effectively within their organizations. Page 38 December 18, 2013

38 Mobile Security With the continuing growth of BYOD in the workplace and the prevalence of mobile devices, mobile security is primed to grow well above the industry average for the foreseeable future. To enable corporate use of employee-owned devices, organizations are shifting dollars that would have been used to buy devices to security and management tools for employee-owned devices. Although the market is fairly nascent, the potential Greenfield opportunity is apparent, which has driven a number of large and small, public and private players into the market. Enterprise Mobility Management is key to enabling mobile computing in the business context. Traditionally connected devices have been managed by the group within IT; however, with mobility being driven by applications, the traditional group is no longer optimal to manage mobile devices. Applications make protecting the data over the device prominent, and require a broader management and security framework. This trend is resulting in a growing number of mobile groups within IT. Enterprise mobility management (EMM) is a set processes and technology focused on managing the increasing array of mobile devices, wireless networks, and related services to enable broad use of mobile computing in a business context. In the mobile world, security, management, and apps are intertwined. Incorporating a security framework into the application and device management process is necessary for a comprehensive offering. Furthermore, security features that act as a proxy between the mobile device and behind the firewall IT requirements are necessary. Enterprise mobility management proposes systems to prevent unauthorized access to enterprise applications and/or corporate data on mobile devices combining security, configuration management, and policy support to deliver tools such as remote backup and restoration of data, on-device password and data encryption, remote kill and data deletion for lost or stolen devices (full and selective), remote delivery of security patch updates, mobile certificates, sandboxing, mobile application stores, and others. The convergence of management and security in the mobile world has led to vendors migrating from adjacent markets (management, security, etc.) toward mobile device management. Our research suggests that Enterprise Mobility Management vendors are gaining the majority of market share based on their mobile-only focus, and leading vendors have acquired/built platforms. Subsequently, we have and expect to continue to see continued M&A in this space. Symantec acquired Nukona, McAfee acquired Trust Digital and tencube. IBM acquitted Trusteer and Fiberlink. Standalone vendors AirWatch, GoodTechnology, and MobileIron lead as independent vendors. Historical Mobile data protection products protect access to secure data on storage systems in notebooks, removable media, desktops, and servers. Within the mobile data protection, Intel/McAfee has been a long time player and has one of the industry s best mobile data protection solutions. Other leaders include Sophos, Check Point, Symantec, Credant, and WinMagic amongst others. Page 39 December 18, 2013

39 Exhibit 17. Gartner Magic Quadrant for Mobile Device Management Source: Gartner Citrix s XenMobile allows IT to easily meet mobile device security and compliance requirements for BYO and corporate liable devices, while giving users the freedom to experience work and life their way. Unlike other mobile device management (MDM) and mobile application management (MAM) products, XenMobile provides a quick path to productivity for mobile users with the lowest cost of ownership: Access secure mobile, Windows desktop, SaaS and web apps from a unified corporate app store. It delivers productivity apps including native like and browser that both users and IT, and secure enterprise apps with a single line of code or wrap apps post development without adding any code. AirWatch is a leader in enterprise-grade mobile device management, mobile application management, and mobile content management solutions designed to simplify mobility. More than 8,000 customers across the world use AirWatch to manage their mobile devices, including the apps and content on those devices. AirWatch solutions are comprehensive, built on a powerful yet easy to use platform by leaders in the mobile space. AirWatch Mobile Security ensures enterprise mobility deployment is secure and corporate information is protected with end-to-end security extending to users, devices, applications, content, data, , and networks. Page 40 December 18, 2013

40 AirWatch provides real-time device details and continuous compliance monitoring to ensure devices and corporate data are secure. The company ensures the security of all devices, protects and secures apps with device and application-level policies, and containerizes corporate content and keeps it secure with FIPS-140 compliant 256-bit SSL encryption, location and time-based access, and printing restrictions. MobileIron provides organizations with a security and management platform for mobile apps, content, and devices to embrace mobility as their primary IT platform. MobileIron s mission is to enable global companies to become Mobile First organizations, embracing mobility as their primary IT platform in order to transform their businesses and increase their competitiveness. MobileIron solutions provide end-to-end security and management for apps, docs, and devices MobileIron Advanced Mobile Management combines traditional mobile device management capabilities with comprehensive security and app capabilities. A mobile IT administrator can manage the lifecycle of the device and its apps, from registration to retirement, and quickly get mobile operations under control. MobileIron allows for the administrator to manage devices from a central web-based console, configure devices, set policies for encryption and lockdown, enforce passwords, remotely lock and wipe devices, and allow end-user self-service for their devices. End Point Security Endpoint security is an approach to network protection that requires each computing device on a corporate network to comply with certain standards before network access is granted. Endpoints can include PCs, laptops, smart phones, tablets and specialized equipment such as bar code readers or point of sale (POS) terminals. An endpoint security system is controlled by the central server including security software being installed to the device. To allow access to the network the server recognizes the device and lets it continue, therefore only recognized devises can access the server. An additional benefit of endpoint security is that it normally comes with antivirus software, anti-spyware, and firewall protection. Endpoint security needs to be used within businesses as employees use remote devices to work while traveling or at home and at the same time transfer information, so in order to do this with no risks endpoint security is a must have. The 2013 Verizon Data Breach Investigations report explains that running a campaign with just three targeted phishing s gives the attacker a better than 50% chance of getting at least one user to click and have their machine compromised; sending 10 almost guarantees getting at least one user to click and compromise their device. Symantec Endpoint Protection is an antivirus and personal firewall product leveled at centrally managed corporate environments security for servers and workstations. McAfee Endpoint Protection Advanced Suite provides enhanced security against stealthy attacks, behavioral anti-malware, dynamic whitelisting, and instant risk prioritization, in addition to the essential antivirus, antispam, web security, firewall, and intrusion prevention. Page 41 December 18, 2013

41 Check Point Endpoint Policy Management Software Blade simplifies endpoint security management by unifying all endpoint security capabilities for PC and Mac in a single console by monitoring, managing and enforcing policy, from dashboard down to user and machine details. Consumer Market Disrupted by Tablets and Freemium Model The consumer security market reached its peak in 2004 when major vendors like Symantec and McAfee experienced 60%+ annual revenue growth. The pre-2005 boom period was driven by highly publicized virus threats that instigated consumer demand in this underpenetrated market. The post-2005 period saw the saturation of the market (in terms of paid unit growth) and increased competition, including from freemium vendors. Consequently, revenue growth for major vendors decreased significantly to the mid- to high teens and has continued to decrease and now appears flat to down. The consumer landscape has traditionally been dominated by Symantec (~40%-50% paid market share). Symantec has been facing consistent aggressive competition from Intel/McAfee (15%- 25% paid market share). We believe that the $4.9 billion consumer security market is ~90% penetrated and that it is dominated by free and freemium solutions >50% unit share. The freemium model is effective, but conversion rates are in the low- to mid-single digits. We believe that the rise of tablets and Apple Macs will have a long-term negative impact on the market; however, upsell to online backup and services is an opportunity. Regulation Driving the Need for Compliance Checks Regulatory compliance is becoming an increasingly important component of IT, especially since the cost of compliance grows with each new regulation. As a result, compliance is becoming an increasingly hot topic with C-level executives. In the 2012 Gartner CEO Survey, regulatory risk was cited as the No. 1 business risk. With Dodd-Frank, healthcare reform, more stringent privacy rules, and the increasing need to regulate the internet, amongst other new and upcoming regulations, enterprises will likely turn to compliance standards as never before. This should continue to drive the need for compliance software over the long term. President Signs Executive Order on Cybersecurity In February 2103, President Barack Obama signed an executive order on US cybersecurity. Although there are few details, it is believed that the executive order will call for the establishment of a council of government agencies, which will be headed by the Department of Homeland Security. The executive order comes despite the recently failed Cybersecurity Act of 2012 (CSA), which was voted down in the Senate in early August Similar to the CSA, the council will be responsible for formulating new regulations and processes to protect against cyber attacks on the nations critical infrastructure. The recent uncovering of the NSA's secret internet spying program PRISM has put a speed bump into the legislative process, and a cybersecurity bill is not expected until Page 42 December 18, 2013

42 The real implications on the software industry won t be realized until the council formulates its processes and regulations. As such, we try to provide an easy to understand synopsis of the CSA to give investors an idea of what the bill entailed and the possible implications on our coverage universe. What Happened to the Cybersecurity Act of 2012? On August 2, 2012, the Senate voted against passing the Cybersecurity Act of 2012 (CSA) falling 8 votes short of the required 60 votes to defeat the filibuster. Part of the bill called for the voluntary sharing of information between government agencies and private corporations. Concern over how information would be shared between government agencies and businesses under certain circumstances called into question whether the act would enable the violation of civil liberties. Additionally, some argued the bill would impose debilitating financial requirements on small businesses to establish the proposed cybersecurity measures. First, the CSA proposed to conduct a sector-by-sector risk assessment to determine the potential threat and vulnerabilities of the nation s critical infrastructure as defined in the USA Patriot Act, which are defined as systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters (Sec. 1016(e)). This includes telecommunication systems, public and privately owned information systems, electrical power systems, nuclear facilities, gas and oil storage, banking and financial systems, transportation infrastructure (including airports and aircraft), water supply systems and other utilities, emergency services, government, and livestock and agricultural systems for the supply of food. Second, the bill seeks to provide the Secretary of Homeland Security with the authority to create and implement security policies in conjunction with other agencies and businesses. Importantly, the bill doesn t in and of itself determine what actions and policies are required to protect the nations critical infrastructure. Instead, it seeks to provide the authority to create and implement policies to certain members of the cabinet and government agencies most notably the Secretary of Homeland Security. This is similar to what the President has signed as an executive order. Once the Secretary of Homeland Security has determined the appropriate course of action and policies, the head of each government agency will be required to develop and implement an agency-wide security program that will include (amongst other things) security testing and evaluation including vulnerability scanning, intrusion detection and prevention, and penetration testing. As it pertains to protecting government IT infrastructures (i.e., federal, state and local agencies), entities would be required to implement security measures that enable ongoing real-time or near real-time processes to determine if deployed security controls within a system continue to be effective over time essentially vulnerability assessment. Page 43 December 18, 2013

43 Importantly, the proposal goes on to state that the vulnerability assessment process requires automation to enable cost effective, efficient, and consistent monitoring and provide a more dynamic view of the security state of those deployed controls. Thus, vendors that can provide cost effective, efficient, consistent, and dynamic vulnerability assessment should win a disproportionate amount of that business. In our coverage, Qualys fits the bill and would certainly benefit from increasing government penetration, which makes up just ~4% of the company s total revenues (compare that with other security vendors which generate anywhere between 10%-20% of revenues from government agencies). Evaluating Vendors Positioning to Benefit From Next- Generation Security We see an opportunity for those vendors that own many of the pieces of next-generation security to ensure trust and data protection in the cloud and can deal with advanced persistent threats. In the following chart, we have tried to the best of our current knowledge to show how the major publicly traded vendors are positioned in critical cloud security areas (Note: shaded area indicates amount of exposure). Exhibit 18. Vendor Approaches to Security Barracuda Networks (CUDA) Data Protection Network Protection Advanced Web SaaS DLP/ Transaction Security Threat Application Business encryption IAM Security Management Anti-malware Firewall IPS Web Protection Firewall SIEM CheckPoint (CHKP) Cisco (CSCO) EMC RSA (EMC) FireEye (FEYE) Fortinet (FTNT) HP (HPQ) IBM (IBM) Imperva (IMPV) Intel/McAfee (INTC) Juniper (JNPR) Microsoft (MSFT) PaloAlto Networks (PANW) Qualys (QLYS) Symantec (SYMC) Source: BMO Capital Markets. JV JV The market for security vendors ranges from the consumer and home office to the largest Fortune 500 enterprises to the various local, state, federal, and international governments. An increasingly global threat landscape coupled with the rapid changes in technology brought about through the rise of cloud computing currently leaves these markets underserved, in our opinion. According to Verizon s 2013 Data Breach Investigations Report, almost three-quarters of all data breaches (72%) targeted companies with less than 100 employees and the vast majority are initiated with a spear-phishing campaign. The exhibit below highlights the addressable market for security products and services. Page 44 December 18, 2013

44 Exhibit 19. Vendor Position Within Addressable Market Enterprise (>1,000 Employees) 7,415 US firms Medium Business (500-1,000 Employees) 9,098 US firms Small Business ( Employees) 90,386 US firms Home Office/Consumer Source: BMO Capital Markets M&A Outlook Although we believe there are signs indicating a positive shift in the initial public offering market, the mergers and acquisitions landscape tends to provide another attractive liquidity option for a number of private companies. Because of an increased focus on security by the venture capital community, there are a great number of players in the marketplace that do not have the scalability, customer base, and financial metrics to pass the stricter criteria of the IPO market. We continue to see private equity and VC investors funding leading analytic and cyber security companies. As the number of point products solving specific security problems increased to such as extent as to cause management and operational problems, and as bigger security vendors folded such functionality, either built organically or acquired, at deep discount in their suite offerings, this resulted in a natural shift to vendor consolidation. Buyer requirements include: Large market opportunity, leading technology position, High revenue growth with strong pipeline and recurring revenues, and High gross margins Page 45 December 18, 2013

45 Acquisitions in the security space have had mixed results. M&A, both past and present, should continue to shape the security landscape. M&A by larger IT vendors (Cisco, IBM, HP, Intel, Juniper) outside of their core businesses have not yielded the same success as security focused vendors. Acquirers have experienced flight of top talent, and market share losses. Private equity has also been historically active in the space (Blue Coat, Entrust, Sophos, CA Security Business, Websense), often acquiring vendors under duress, lacking strategic direction, or unlocking value. M&A volumes have rebounded, driven by increased liquidity positions (equity and debt markets, cash heavy balance sheets) and pent-up demand to make acquisitions that increase growth. Over the next several years, we think it is likely that M&A activity will remain high, especially in the cloud and network-security space. Large-scale consolidation typically happens at the hands of the large players such as Cisco, Intel, IBM, EMC, Dell, Symantec, etc. Additionally, the acquirers of security companies are broad including security, defense, enterprise software, digital media, and communications. Since the beginning of 2010, the average M&A transaction is done at ~3.4x sales. Thoma Bravo represents private equity investors in the security market. The company's consolidation investment strategy and process targets control investments in companies with strong business franchises led by experienced executives who aspire to achieve industry leadership. The company works in close partnership with a company s management team to implement operating best practices and use its consolidation expertise to rapidly improve earnings and increase equity value. Thoma Bravo s investments in the security market include: Blue Coat Systems is a leading provider of web security and WAN optimization solutions, Entrust secures digital identities and information for consumers, enterprises and governments, Tripwire provides automated compliance and security management solutions to enterprises and governments worldwide, and SonicWALL is a leader in advanced network security, secure remote access, security, backup and recovery, and management and reporting which was later sold to Dell. Page 46 December 18, 2013

46 Exhibit 20. Select Security M&A Transaction ($ in millions) Value Sales Date Seller Name Buyer Name Target Business Description (in millions) Multiple Dec 13 Prolexic Akamai DDoS protection & mitigation services $370 NA Aug 13 Trusteer IBM Malware and fraud prevention $900 NA Jul 13 Sourcefire Cisco Network security $2, x May 13 Websense Vista Equity Partners Secure web gateway security $ x May 13 Stonesoft Intel (McAfee) NGFW $389 NA Oct 12 Mobilisafe Rapid7 Cloud based mobile risk management NA NA Mar 12 Sonicwall Dell Network security and data protection NA NA Feb 12 Mykonos Software Juniper Web intrusion prevention systems $80 NA Dec 11 Blue Coat Systems Thoma Bravo Security & WAN Optimization $1, x Oct 11 Nitro Security Intel (McAfee) SIEM NA NA Oct 11 Q1 Labs IBM SIEM and log management NA NA May 11 CA Security Business Updata Partners Security Software NA NA Apr 11 NetWitness EMC Network security NA NA Mar 11 Sentrigo Intel (McAfee) Database Security NA NA Jan 11 Immunet Sourcefire Cloud Security $21 NA Jan 11 SecureWorks Dell Managed Security Provider NA NA Dec 10 Altor Networks Juniper Virtualization Security $95 NA Dec 10 Everest Technology Solutions KEYW Corporation Cybersecurity $30 1.5x Sep 10 L 1 Identity Solutions Safran S.A. Identity Solutions $1, x Sep 10 ArcSight HP SIEM $1, x Aug 10 Cogent Systems 3M Identity Security $ x Aug 10 McAfee Intel Endpoint and Consumer Security $6, x Aug 10 Fortify HP Application Security NA NA Jun 10 SonicWALL Thoma Bravo/Teachers Private Capital Network security and data protection $ x May 10 TrustDigital McAfee Mobile Security Management $33 NA May 10 VeriSign Security Business Symantec Security Software $1, x May 10 Sophos APAX partners Security Software $ x Apr 10 PGP Symantec Encryption $ x Apr 10 Guardian Edge Symantec Encryption $70 3.9x Jan 10 Archer EMC Risk and Complaince $ x Median: 3.4x Source: BMO Capital Markets IBM has built an enterprise-focused security portfolio to build on the acquisition of Internet Security Systems in BigFix in 2010 gave offers of an operational platform for workstation configuration management; in 2011, with Q1 Labs, IBM obtained a security information management offering. Most recently, IBM bought Trusteer, a leader in of detecting and preventing malware at the endpoint The largest in several years was Cisco in July buying Sourcefire for $2.8 billion. Sourcefire s FireAMP and FirePOWER network security appliances combine for advanced malware protection (and forensic data capture) on networks and endpoints. Cisco plans to use Sourcefire as an engine to re accelerate its security franchise. Akamai recently paid more than $370 million in cash plus the assumption of options for Prolexic, a supplier of cloud-based DDoS prevention services. It is estimated that Prolexic had about $50m in projected revenue for 2013, representing a multiple of 7.4x trailing 12-month revenue. Page 47 December 18, 2013

47 Key Drivers of Investing in Security There has been 12 security IPO s over the past several years, up significantly versus a handful in previous years, driven by increased venture investment and new opportunities brought on by the increasing threat landscape. Security stocks have historically acted like insurance, tending to outperform during recessions and underperform in good economic times. While it is too early to tell, we believe that the confluence of the initial phase of economic recovery and the beginning of a new generation of IT (underpinned by cloud computing driving the next generation of security and increased government security spending) could position those security vendors that are most aggressive in providing trust and comprehensive data protection to outperform. Key drivers for investing in security include: Security threats are always evolving. Securty is non discretionary budget item. Very large and growing market opportunity. Industry growth exceeds many other areas of IT. Strong profitability with above average gross and operating margins. Recurring and predictable revenue streams. Page 48 December 18, 2013

48 Summary of Covered Companies Barracuda Networks (CUDA, Outperform) Barracuda Networks offers industry-leading solutions designed to solve mainstream IT problems efficiently and cost effectively, while maintaining a level of customer support and satisfaction. Its products span three distinct markets, including 1) content security; 2) networking and application delivery; and 3) data storage, protection, and disaster recovery. The company has more than 12 purpose-built solutions that support every aspect of the network providing organizations of all sizes with true end-to-end protection that can be deployed in hardware, virtual, cloud, and mixed form factors. The company maintains 44 patents of which 18 are organic and 26 acquired. It has approximately 55 pending. Barracuda designs and delivers easy-to-use security and storage solutions. In addition, the company offers cloud-connected solutions that help organizations address security threats, improve network performance, and protect and store data. Its model enables continuous software updates, offsite redundancy and distributed capacity, and are offered on a subscription basis. The company's solutions are delivered as cloud-connected appliances and virtual appliances, as well as cloud-only solutions. Key Product Offerings The Barracuda Spam & Virus Firewall includes spam and virus blocking, denial-of-service prevention, continuity, encryption, and policy management features. With the included Cloud Protection Layer, or CPL, Barracuda Spam & Virus Firewall customers can route their through the Barracuda cloud performing advanced malware detection and pre-filtering to keep threats off their premises, reduce incoming connections to their network, and spool mail in the event their sites become unavailable. The cloud-based Barracuda Security Service provides the same functionality as the Barracuda Spam & Virus Firewall and is designed for customers who host their own , but wish to fully offload their security to a cloud service. The Barracuda Web Filter integrates several technologies for setting and enforcing granular web filtering policies and blocks user access to known malicious websites, scans web downloads for malware, enables granular enforcement based on existing user and group authentication, and provides comprehensive web usage visibility through intuitive dashboards. The cloud-based Barracuda Web Security Service is designed to deliver web security and policy enforcement in highly distributed network environments. Barracuda Next-Generation Firewall offers Layer 7 application visibility and adds user-identity awareness to safely enable access policies for specific users and user groups. It integrates network firewall, intrusion prevention, or IPS, VPN, and Layer 7 application control, with options for additional components such as web security. The Barracuda Firewall is delivered as a hybrid appliance and can be managed locally through a familiar web interface, or from the cloud. The Barracuda Web Application Firewall protects web servers from data breaches and downtime by intercepting sophisticated application-layer attacks, such as SQL injection, cross-site scripting, or XSS, session hijacking, and application-layer distributed denial of service, or DDoS. Page 49 December 18, 2013

49 The Barracuda Load Balancer ADC optimizes application performance, availability, and security and is an integrated platform that distributes network traffic across multiple servers using advanced Layer 4 and Layer 7 load balancing techniques including global server load balancing, or GSLB, content caching, data compression and connection pooling to offload computing functions from backend servers and improve application response time. The Barracuda SSL VPN provides remote users with secure access to internal network resources from any web browser, while providing the security needed to protect internal systems from unauthorized access, viruses, and other malware. Barracuda Backup is an end-to-end solution that simplifies the backup process and enables secure offsite replication to other Barracuda Backup appliances and to the Barracuda storage cloud. Barracuda Backup uses advanced deduplication technology to reduce the amount of backup data stored. The company's LiveBoot technology enables virtual appliances to be run directly from the backup for disaster recovery purposes, from either the local appliance or the cloud, without the overhead associated with restoring backup images to their original format. The Barracuda Message Archiver substantially reduces archive sizes by eliminating duplicate messages, storing only one instance of each message attachment, and then compressing the stored data and significantly reducing mail database sizes by decreasing retention policies on its active mail servers and by stubbing attachments, removing them from the mail server and creating references to the archived copies. Copy is a cloud-based file storage platform that allows customers to securely access, share, and sync files of any size from any device and works across Windows, Mac OS X, and Linux operating systems. SignNow platform is a mobile esignature application that enables users to electronically sign documents from internet connected devices, reducing the need to print, fax, or ship documents. Barracuda Central is a centralized and automated security intelligence center that enables continuous threat detection and monitoring. Data collected and aggregated at Barracuda Central is analyzed and used to create definitions for continuous automatic updates. Check Point Software (CHKP, Market Perform) Check Point develops, markets, and supports a wide range of software, as well as combined hardware and software products and services for IT security, including an extensive portfolio of network and gateway security solutions, data and endpoint security solutions, and management solutions. Check Point was an industry pioneer with its FireWall-1 and its patented Stateful Inspection technology. Check Point has recently extended its IT security portfolio with the development of a Software Blade architecture. Products and services are sold to enterprises, service providers, small and medium-sized businesses (SMB), and consumers. Key Product Offerings The company offers the Checkpoint DataCenter, VSX virtualized security gateway, Check Point Power-1 appliances, the Nokia IP series appliances, the mid-market UTM-1 appliances, the Page 50 December 18, 2013

50 Smart-1 security management appliances, Series 80 branch office appliances, and several other product lines. Over the past several years, Check Point has started moving its large install base from the old R65 to the R75 (launched February 2011) and newer software blade architectures, allowing the company to do more upsell of software blades. During 3Q2013, the company released the R77 version of its Software Blade Architecture, which delivered more than 50 product enhancements, including the new HyperSpect performance technology, which increases performance of advanced security operation by more than 50% on the same gateway. Blades are sold bundled with the product (embedded) or à la carte. Currently, the company has more than 40 blades in its portfolio, both network and endpoint. The company sells annuity blades and capital/perpetual blades (a customer buys only one blade). Annuity blades are subscription based, and revenues are recognized in services revenues, while perpetual-blade revenues are included in the basic product revenues. Blade products that were launched in the last few years have been sold as subscription, including IPS, Application Control, Anti-Bot, and new threat emulation for advanced persistent threats, and others. Imperva (IMPV, Outperform) The IT landscape, as well as new threat vectors, is increasingly challenging organizations. In our view, companies must address these challenges with new security products and solutions. Enter Imperva, a pioneer in a new category of security. Its flagship product, SecureSphere, is a leading data security and compliance solution. It protects sensitive data from hackers and malicious insiders, provides a fast, cost-effective route to regulatory compliance, and establishes a repeatable process for mitigating data risk. The SecureSphere suite of products includes three main segments: database security, file security, and web application security. Key Product Offerings SecureSphere Database Activity Monitoring (DAM) delivers automated scalable activity monitoring, auditing, and reporting for heterogeneous database environments. SecureSphere helps organizations demonstrate regulatory compliance through automated processes, analysis, and reporting. The product accelerates incident response and forensic investigation with centralized management and advanced analytics. SecureSphere web application firewall (WAF) delivers automated protection against current application attacks, including SQL injection, XSS, and CSRF. SecureSphere combines automated application learning with up-to-date protection polices and signatures from the Imperva Application Defense Center to accurately identify and stop attacks. Granular correlation rules, reputation-based security, and a powerful reporting framework complete SecureSphere's superior multi-layer protection. With multigigabit inline and non-inline configuration options, SecureSphere offers drop-in deployment and ultra high performance, meeting the most demanding data center requirements. As an add-on security service for the web application firewall, ThreatRadar bolsters defenses against large-scale automated attacks. ThreatRadar enables timely, real-world protection from known attack sources, such as malicious IP addresses and phishing URLs, as well as identifies source reputation and geographic location for forensics. By transmitting attack source feeds in Page 51 December 18, 2013

51 near real time to SecureSphere WAFs, ThreatRadar can quickly and accurately stop malicious users before an attack can be launched. The company is less than 20% penetrated in ThreatRadar, which has experienced rapid growth since its debut in 4Q10. The Imperva Cloud WAF, powered by Incapsula, is an easy, cost-effective cloud-based web application firewall service that offers businesses a way to protect critical web applications. It includes basic security services that provide ad hoc policy tuning and critical incident response times within four hours. SecureSphere File Activity Monitoring (FAM) delivers real-time monitoring and auditing of access to files stored on file servers and network attached storage (NAS) devices. SecureSphere file auditing provides flexible alerting, analytics, and reporting so administrators can document and communicate access activity to key stakeholders and demonstrate regulatory compliance. FAM includes user rights management for files for file rights auditing. Qualys (QLYS, Market Perform) Qualys operates as a security as a service provider (SecaaS), offering customers a suite of solutions that includes vulnerability management, policy compliance, PCI compliance, web application scanning, malware detection, and others. Its main distributors include Dell/SecureWorks (6% of rev), Acvuant, Accenture, IBM, Infosys, and TATA. Qualys has a broad customer base and many of its customers across all vertical are the largest and most wellknown brands in the world including Daimler, Microsoft, Goldman Sachs, Verizon, Bank of America, Pepsi, Coke, J.P. Morgan, GM, ebay, MetLife, Goldman Sachs, Apple, Home Depot, DuPont, Google, and Oracle. Key Product Offerings The QualysGuard platform is an SaaS offering. Customers scan their network with Qualys-hosted scan engines and use Qualys-managed appliances, which are deployed on site, to scan interior networks. The scan engine can also be virtualized to enable deployment in customer data centers and cloud environments. The solutions can be deployed easily and are designed to be implemented and operated without the need for any professional services, which is why the company does not sell professional services. The company offers two different editions of its QualysGuard suite: Enterprise Edition (75% of revenue), which is marketed to companies with greater than 5,000 employees, and Express Edition (25% of revenue), marketed to companies with fewer than 5,000 employees. QualysGuard Vulnerability Management (VM) automates network auditing and vulnerability management, including network discovery and mapping, asset management, vulnerability reporting, and remediation tracking. QualysGuard Policy Compliance allows customers to analyze and collect configuration and access control information from their networked devices and web applications and automatically maps this information to internal policies and external regulations to document compliance. QualysGuard PCI (Payment Card Industry) Compliance is for organizations that store cardholder data; this is meant to be a cost-effective and highly automated solution to verify and document Page 52 December 18, 2013

52 compliance with PCI DSS (data security standards). The solution allows merchants to complete the annual PCI self-assessment questionnaire and meet demands of PCI for web application security. QualysGuard Web Application Scanning allows customers to discover, catalog, and scan a large number of web applications, which are often main attack vectors for cyber threats. QualysGuard Malware Detection Service provides the ability to scan, identify, and remove malware infections from websites. Symantec (SYMC, Market Perform) Symantec is a global leader in security, backup, and availability solutions. Its products and services protect people and information in any digital environment from the mobile device, to the enterprise data center, to the cloud. Its software and services protect against advanced threats independent of the device and environment in which information is used or stored. The company is in the midst of a transformation focused on reinvigoration three key areas: products and services, go-to-market, and organizational structure. Key Product Offerings Symantec s endpoint security and management offerings help customers secure their environment by addressing the changes in the threat landscape, the evolution of the endpoint to include more mobile devices, and the pressure to reduce cost and complexity. Our solutions encrypt and prevent sensitive information from leaving an organization. IT offers two-factor authentication and cloud-based single-sign-on functionality to better protect the identities of an organization s employees. Symantec mobile enterprise solutions include encryption, validation and identity protection, managed public key infrastructure (PKI), mobile management, app center, mobile security for Android, endpoint protection for enterprise and small business and protection suites. The endpoint security business faces secular challenges as more of security intelligence is moving to the network and it hard for us to see how Symantec can create a sustainable growing enterprise endpoint security business. Its consumer products help customers deal with increasingly complex threats, the proliferation of mobile devices, the need for identity protection, and the rapid increase in digital data, such as personal financial records, photos, music, and videos. Products include Norton 360, Norton 360 Multi-Device, Norton Internet Security, Norton AntiVirus, Norton One, Norton Online Backup, Norton Mobile Security, and Norton Live Services. Symantec s information security businesses help to keep organizations safe and compliant with industry and government regulations. Its solutions allow customers to secure their messaging and web environments, via either on-premise or hosted solutions. Symantec authentication services enable organizations to protect assets by ensuring the true identity of devices, systems, or applications connecting to them and using Secure Socket Layer (SSL) technology to encrypt data in transit. Products include critical system protection and trust services. Its data loss prevention solution helps businesses proactively protect their information by taking a content-aware approach. Symantec threat and risk management solutions allow customers to develop and enforce IT policies, automate IT risk management processes, and demonstrate compliance with Page 53 December 18, 2013

53 industry standards and regulations. Its managed security services extend the company's security expertise through a combination of remote monitoring, on-call assistance, and management. Products include Security Incident Manager (SIM), Managed Security Services, and Control Compliance Suite. Symantec s storage and server management solutions enable organizations to ensure business continuity and manage the information-driven world by leveraging our backup and recovery, archiving, ediscovery, storage management, and high availability solutions. Backup and Recovery business, which includes software, appliances, and cloud-based offerings, helps small and medium-sized businesses (SMB) and enterprise organizations address the rapid growth of information, data duplication, and virtual environments. With the company's solutions, customers can backup and deduplicate data closer to information sources to reduce storage consumption. Products include NetBackup on-premise and appliance, Backup Exec. ediscovery and intelligent information governance solutions allow organizations to bridge the gap between their business, legal, and IT groups, and to reduce their risks and costs. Products include Enterprise Vault, Enterprise Vault.cloud, and ediscovery. Storage management and high availability businesses address customers need to maintain high service levels and reduce overall storage costs through improved utilization of existing systems, virtualization, and cloud infrastructure offerings. Products include Storage Foundation, Cluster Server, Operations Manager, ApplicationHA, Data Insight, and VirtualStore. Summary of Un-Covered Companies Commtouch (CTCH) Commtouch is a leading provider of internet security technology and cloud-based services, delivers detection solutions for vendors and service providers protecting billions of internet transactions in real-time. Commtouch s , web and antivirus security capabilities keeps 350 million end users across 190 countries safe online. Key Product Offerings GlobalView Cloud to protects more than 200 million end-users and serves more than 10 billion transactions per day including real-time responses to URL and spam queries from millions of endpoints, as well as malware samples, and web and traffic that is collected and analyzed in the cloud. Recurrent Pattern Detection is Commtouch s Anti-Spam solutions and based on patented Recurrent Pattern Detection (RPD), which blocks spam based on its most fundamental characteristic its mass distribution and repeating patterns. Leading vendors such as Check Point, Clearswift, F-Secure, Imatrix, H3C, Netgear, Openwave, and Watchguard, have chosen Commtouch s as their Anti-Spam OEM provider for a range of hardware and software endpoints and offerings such as: security: Allows real-time blocking of spam, phishing and -malware in any language or format with almost no false positives. Commtouch's Anti-Spam is based on patented Page 54 December 18, 2013

54 RecurrentPattern Detection (RPD), which blocks spam based on its most fundamental characteristic - its mass distribution and repeating patterns. Web filtering: Enables Commtouch customers to provide new levels of service for applications such as Web Security, parental control, and business productivity management and compliance. Antivirus: Designed to proactively combat modern malware threats, Commtouch s anti-malware solution provides maximum performance (high scanning speeds, low resource requirements) and superior detection based on multiple scanning layers including heuristics, emulation, and smart signatures. Fortinet (FTNT) Fortinet is a worldwide provider of network security appliances and a market leader in unified threat management (UTM). Its products and subscription services provide broad, integrated and high-performance protection against dynamic security threats while simplifying the IT security infrastructure. To date, Fortinet has shipped more than 1,250,000 appliances to more than 160,000 customers. Key Security Offerings FortiGate Network Security Platform delivers performance and protection while simplifying network environments. Fortinet offers models to satisfy any deployment requirement, from the desktop FortiGate-20 series for small offices and retail networks to the chassis-based FortiGate series for large enterprises, service providers, data centers and carriers. FortiGate platforms integrate the purpose-built FortiOS operating system with custom FortiASIC processors and the latest-generation CPUs to provide comprehensive, high-performance security. Fortinet's FortiGate security appliances deliver ASIC-accelerated performance and integrates multiple layers of security designed to help protect against application and network threats. Its security platforms offer blend of ASIC-accelerated performance, integrated multi-threat response, and constantly-updated, in-depth threat intelligence. Fortinet systems integrate a broad suite of security technologies, including firewall, VPN, antivirus, intrusion prevention (IPS), application control, web filtering, antispam, wireless controller, and WAN acceleration, all of which can be deployed individually to complement legacy solutions or combined for a comprehensive threat management solution. The company complements these solutions with an array of management, analysis, , database and endpoint security products. FortiManager Security Management appliances allows customers to centrally manage any number of Fortinet Network Security devices, from several to thousands, including FortiGate, FortiWiFi, and FortiCarrier. Network administrators can better control their network by logically grouping devices into administrative domains (ADOMs), efficiently applying policies and distributing content security/firmware updates. Recently, Fortinent launched the FortiSandbox-3000D, an advanced threat prevention appliance that provides enterprises with a powerful tool to help combat Advanced Persistent Threats (APTs). The new offering combines a unique dual-level sandbox, dynamic threat intelligence, Page 55 December 18, 2013

55 real-time dashboard and rich reporting in a single device that integrates with Fortinet's FortiGate next generation firewalls (NGFW) and FortiMail gateway appliances. FireEye (FEYE) Fireye offers a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation highly sophisticated cyber attacks, which easily circumvent traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways. The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors, including web, , and files and across the different stages of an attack life cycle. FireEye has over 1,100 customers across more than 40 countries, including over 100 of the Fortune 500. Key Product Offerings The FireEye Threat Prevention Platform supplements traditional defenses with a new model of security to protect against today s advanced cyber attacks by utilizing a signature-less, virtual execution engine that creates enterprise specific threat intelligence across vectors; securing against web, , file, and mobile attacks. By detonating web objects, suspicious attachments, and mobile applications within instrumented virtual environments, FireEye is able to detect zeroday web exploits, spear-phishing attacks, and rogue mobile applications. The platform is based on: The FireEye Multi-Vector Virtual Execution (MVX) engine that detects today s advanced cyber attacks; The FireEye Dynamic Threat Intelligence cloud that shares anonymized threat intelligence from the MVX analysis, and Security interoperability with a broad ecosystem of partners using standards-based malware metadata and FireEye APIs FireEyes s new platform Oculus delivers real time, continuous threat protection platform to help secure brands, intellectual property, and data. Oculus forms a proactive defense system to counter today's advanced cyber attacks by combining FireEye threat prevention platforms with rich actionable threat intelligence, and world-class global support and services. FireEye Dynamic Threat Intelligence cloud has exchange indicators of compromise and keeps protections up to date. The self-learning nature of the data exchange means the security value grows as more customers share real-time, dynamically generated MVX threat intelligence. FireEye Oculus Continuous Monitoring is a new subscription to enable a proactive defense. Recently announced, FireEye Mobile Threat Prevention is a new cloud-based platform that extends the company s virtual-machine based platform for the web, , and file threat vectors to mobile threats. FireEye Mobile Threat Prevention is scheduled to be generally available by the end of Page 56 December 18, 2013

56 Keyw Holding (KEYW) KEYW delivers cybersecurity and geospatial intelligence solutions to US government and commercial customers. Its services include a full range of technical and program management capabilities needed to conceptualize, build, integrate, and support intelligence systems. Much of its work requires high-level security clearances, and the descriptions and details of this work are classified. Key Product Offerings HawkEye G is Hexis Cyber Solution's Awareness and Response platform, providing a highly affordable and scalable solution to address the growing cyber-based threat to government agencies and commercial enterprises. HawkEye G is being developed to detect, engage, and remove malicious cyber threats in customer networks. The system uses automated tools and continual updates to cyber threat profiles and alert levels to identify and prevent attacks. HawkEye G capabilities include monitoring and mitigating malicious internet packet activity, analyzing and monitoring networks, and performing forensics analysis. HawkEye G is derived from its work protecting sensitive government networks and is suited for both commercial enterprises and other government agencies. The Sensage Event Data Warehouse integrates multiple processes that typically are siloed: Log management, compliance reporting, real-time monitoring, forensic investigation, and incident response. The Sensage solution can be leveraged for real-time and historical event management and also augments existing SIEM solutions built for real-time event and log monitoring. The Sensage Risk and Compliance Solution maps event data to audit criteria, streamlining resources required to meet reporting and audit demands for mandates such as HIPAA/HITECH, Sarbanes-Oxley, PCI, ISO 27000, FISMA, DSS, NISPOM, DCID 6/3, and NERC. Palo Alto Networks (PANW) Palo Alto Networks next-generation firewalls enforce network security policies based on applications, users, and content. This unique ability empowers you to safely enable applications, make informed decisions on network access, and strengthen your network security. Palo Alto Networks is redefining the network security market as legacy providers are unable to deal with a complex IT environment and a constantly evolving threat environment. External threats are targeting applications, sensitive data, and IT resources as enterprise architectures evolve through the implementation of social, mobile, cloud, virtualization into their environments. Palo Alto was founded in 2005 and shipped its first appliances in Its nextgeneration firewall delivers application, user, and content visibility and control integrated within the firewall through a proprietary hardware & software architecture. Palo Alto has more than 14,500 customers in over 120 countries across multiple industries. Palo Alto was ranked as the enterprise firewall market leader by Gartner in 2011 and 2012 (published Feb. 2013). Page 57 December 18, 2013

57 Key Product Offerings Palo Alto Networks next-generation firewalls enforce network security policies based on applications, users, and content. Palo Alto Networks offers a full line of purpose-built hardware platforms that range from the PA-200, designed for enterprise remote offices, to the PA-5060, which is designed for high-speed datacenters. Palo Alto combines its proprietary Single Pass Parallel Processing (SP3) hardware and software architecture and PAN-OS operating system to provide a comprehensive, low-latency, and high throughput network security platform. Embedded application visibility and control consists of three identification technologies: App-ID (identifies applications crossing the network), User-ID (integrates the platform with a wide range of enterprise user directories including Active Directory), and Content-ID (enables the Palo Alto subscription services). WildFire subscription Service is centralized cloud-based virtual environment where new and unknown files can be actively executed and observed for malicious behaviors. The WildFire cloud can be delivered either as a public cloud (default) or as a private cloud (deployed locally on a WF-500 appliance). Proofpoint (PFPT) Proofpoint is an innovative security-as-a-service vendor that delivers data protection solutions that help organizations protect their data from attack and enable them to effectively meet the complex and evolving regulatory compliance and data governance mandates that have been spawned from highly publicized data breaches. Proofpoint, positioned by Gartner in the Leaders Quadrant in their 2013 Magic Quadrant for Secure Gateways, and 2013 Magic Quadrant for Enterprise Information Archiving, delivers an integrated suite of on-demand data protection solutions spanning threat management, regulatory compliance, data governance and secure communications all of which are based on a common security-as-a-service platform. Key Product Offerings Proofpoint products are based on MLX machine learning, the application of big data analytics and the use of global threat correlation systems deliver unrivalled anti-spam and data loss prevention accuracy. Proofpoint has a broad product portfolio to help its customers block spam and viruses, prevent leaks of confidential information, encrypt sensitive data, and securely archive including : Proofpoint Enterprise Protection is the company s communications and collaboration security suite designed to protect customers' mission-critical messaging infrastructure from outside threats including spam, phishing, unpredictable volumes, malware and other forms of objectionable or dangerous content before they reach the enterprise. Key capabilities within Proofpoint enterprise protection include threat detection, virus protection, zero-hour threat detection and smart search. Proofpoint Enterprise Archive is designed to ensure accurate enforcement of data governance, data retention and supervision policies and mandates; cost effective litigation support through discovery, and active legal hold management. Proofpoint Enterprise Archive can store, govern Page 58 December 18, 2013

58 and discover a range of data, including , instant message conversations, social media interactions, and other files throughout the enterprise. Proofpoint Enterprise Governance provides organizations the ability to track, classify, monitor, and apply governance policies to unstructured information across the enterprise. The key capabilities within Proofpoint Enterprise Governance include Document Tracking-Digital Thread, Cloud-based Search and Analytics, and Flexible policy enforcement. These solutions enable organizations to: Keep malicious content out of their environments, Prevent the theft or inadvertent loss of sensitive information, collect, securely retain, govern and discover sensitive data for compliance and litigation support and Securely communicate and collaborate on sensitive data with customers, partners and suppliers. VASCO Data Security International (VDSI) VASCO is a world leader in strong authentication and e-signature solutions, specializing in online accounts, identities, and transactions. As a global software company, VASCO serves a customer base of approximately 10,000 companies in more than 100 countries, including more than 1,700 international financial institutions. In addition to the financial sector, VASCO's technologies secure sensitive information and transactions for the enterprise security, e-commerce, and e- government industries. VASCO brings banking security to 50 different vertical applications, such as healthcare, e-gaming, automotive, human resources, education, administration, e-government, legal, manufacturing and many more. Key Product Offerings VACMAN Product Line. The VACMAN product line incorporates a range of strong authentication utilities and solutions designed to allow organizations to add DIGIPASS strong authentication into their existing networks and applications. IDENTIKEY Server. IDENTIKEY Server is an off-the-shelf centralized authentication server that supports the deployment, use and administration of DIGIPASS strong user authentication. IDENTIKEY is based on VASCO s core VACMAN technology. axs GUARD Product Line. The company offers two types of axs GUARD appliances: axs GUARD Identifier and axs GUARD Gatekeeper. axs GUARD Identifier is a standalone authentication solution that offers strong two-factor authentication for remote access to a corporate network or to Web-based, in-house business applications. axs GUARD Gatekeeper consists of a range of dedicated appliances that brings strong user authentication and secure Internet communications to the enterprise through a choice of multiple software modules. DIGIPASS Product Line. DIGIPASS product line, which exists as a family of software and hardware client authentication products and services, provides a flexible and affordable means of authenticating users to any network, including the internet. DIGIPASSES calculate dynamic signatures and passwords, also known as one-time passwords, to authenticate users on a computer network and for a variety of other applications. DIGIPASS for web is the ideal product to replace Page 59 December 18, 2013

59 a password-based security or paper-based authentication system with a security system using strong authentication, to achieve a higher security level. In November, Vasco released DIGIPASS 760, a visual transaction signing solution (What you see is what you sign) based on Cronto s patented identity solution. DIGIPASS 760 is an authentication device (using a graphical cryptogram consisting of a matrix of colored dots is displayed on the bank s website) targeted toward banks, enabling them to establish a secure optical communication channel with the client. DIGIPASS as a Service is VASCO s cloud based authentication service, which makes use of VASCO s proprietary authentication technology. Page 60 December 18, 2013

60 Comparable Analysis of Public Security Companies Exhibit 21. Comparables ($ in millions, except per share) Recent Market EV/SALES EV/FCF P/E Rev. Growth Company Name Ticker Rating Price Cap '12 '13E '13E '14E Security Avg Technologies Nv AVG NC $16.25 $ x 2.3x NA NA 7.9x 8.5x 45.2% 1.5% Check Point Software Technologies Ltd CHKP Market Perform $61.84 $12, x 6.0x 9.3x 9.3x 18.1x 17.2x 3.6% 5.6% Cisco Systems Inc CSCO Outperform $20.92 $113, x 1.7x NA NA 10.6x 10.1x 4.5% 4.0% Commtouch Software Ltd CTCH NC $2.66 $70 2.5x 2.1x NA NA 44.3x 15.6x 64.6% 16.9% Juniper Networks Inc JNPR Market Perform $20.96 $10, x 1.8x NA NA 17.1x 15.2x 5.8% 5.6% Symantec Corp SYMC Market Perform $23.00 $16, x 2.2x 17.7x 15.1x 12.9x 12.3x 3.7% 1.0% Imperva Inc IMPV Outperform $45.75 $1, x 5.9x NM NM NM NM 31.0% 26.4% Barracuda Networks Inc CUDA Outperform $25.83 $1, x 4.9x NM 26.1x NM NM 15.6% 11.5% Fireeye Inc FEYE NC $38.87 $4, x 17.6x NA NA NM NM 89.3% 57.7% Fortinet Inc FTNT NC $17.88 $3, x 3.7x NA NA 38.8x 31.8x 13.2% 13.5% Lifelock Inc LOCK NC $15.14 $1, x 2.8x NA NA 41.3x 35.2x 33.0% 21.3% Keyw Holding Corp KEYW NC $12.70 $ x 1.5x NA NA NM 41.1x 24.5% 16.9% Palo Alto Networks Inc PANW NC $55.84 $4, x 4.9x NA NA NM NM 41.4% 31.3% Proofpoint Inc PFPT NC $29.29 $1, x 5.9x NA NA NM NM 24.8% 24.5% Qualys Inc QLYS Outperform $23.31 $ x 5.8x 41.8x 37.3x NM NM 18.0% 18.4% Vasco Data Security International Inc VDSI NC $7.79 $ x NA NA NA 26.9x 20.0x 1.3% 7.1% Average 5.6x 4.6x 22.9x 22.0x 24.2x 20.7x 16.9% 16.3% (Fishbein - IMPV, CHKP, SYMC, CUDA, OLYS) (Long - CSCO, JNPR) (NC = Not covered. Thomson data for not covered companies) Estimates reflect latest complete and forward fiscal years Source: BMO Capital Markets Page 61 December 18, 2013

61 Exhibit 22. Comparables Growth and Margins ($ in millions, except per share) Rev. Growth EPS Growth FCF Growth Gross Margin EBIT Margins FCF Margins Company Name Ticker '12 '13E '13 '14E '12 '13E '13 '14E '12 '13E '13 '14E 2013E 2014E 2013E 2014E 2013E 2014E Security Software Avg Technologies Nv AVG 45% 2% 46% 6% NA NA NA NA NA NA NA NA Check Point Software Technologies Ltd CHKP 4% 6% 7% 5% 17% 0% 88% 88% 58% 58% 68% 64% Cisco Systems Inc CSCO 5% 4% 7% 5% NA NA NA NA NA NA NA NA Commtouch Software Ltd CTCH 65% 17% 0% 183% NA NA NA NA NA NA NA NA Juniper Networks Inc JNPR 6% 6% 44% 12% NA NA NA NA NA NA NA NA Symantec Corp SYMC 4% 1% 0% 5% 35% 17% 84% 84% 26% 28% 12% 14% Imperva Inc IMPV 31% 26% 98% 182% 222% 220% 79% 79% 2% 2% 3% 7% Barracuda Networks Inc CUDA 16% 11% NA 26% 29% 99% 80% 80% 1% 0% 11% 19% Fireeye Inc FEYE 89% 58% NA 58% NM NA NA NA NA NA NA NA Fortinet Inc FTNT 13% 13% 13% 22% NA NA NA NA NA NA NA NA Lifelock Inc LOCK 33% 21% 22% 17% NM NA NA NA NA NA NA NA Keyw Holding Corp KEYW 25% 17% NA NA NM NM NA NA NA NA NA NA Palo Alto Networks Inc PANW 41% 31% 99% 80% NM NM NA NA NA NA NA NA Proofpoint Inc PFPT 25% 25% 21% 28% NM NM NA NA NA NA NA NA Qualys Inc QLYS 18% 18% 4% 35% NM NM 77% 77% 7% 9% 17% 16% Vasco Data Security International Inc VDSI 1% 7% 31% 34% NA NA NA NA NA NA NA NA Average 17% 16% 23% 7% 44% 84% 82% 81% 18% 20% 22% 24% Estimates reflect latest complete and forward fiscal years Source: BMO Capital Markets Page 62 December 18, 2013

62 Key Private Security Companies to Watch In the exhibit below, we have listed the private companies that we believe will be the ones to watch in the coming years. They have been selected based on a variety of criteria, including market positioning, targeted market, product offering, customer base, and management. During the enormous effort in making this report, we are sure to have missed giving credit to many companies and/or technologies either by design, in order to make the report easy to digest, or by mistake, due to the sheer volume of information that we had to process. Some of the biggest and most successful investors in private security companies include Intel Capital, Sequoia Capital, Accel Partners, Foundation Capital, Highland Capital Partners, Index Ventures, Trident Capital,.406 Ventures, and Battery Ventures. As noted above, M&A continues to be a recurring theme in the security sector. In the continually evolving security environment, we believe investors should keep these select companies on their radar screens, as they have the potential to gain an increasing presence in the marketplace. Page 63 December 18, 2013

63 Airwatch Company Description AirWatch is a leader in enterprise-grade Mobile Device Management, Mobile Application Management, and Mobile Content Management solutions designed to simplify mobility. More than 8,000 customers across the world use AirWatch to manage their mobile devices, including the apps and content on those devices. AirWatch solutions are comprehensive, built on a powerful yet easy to use platform by leaders in the mobile space. Key Products AirWatch Mobile Security ensures enterprise mobility deployment is secure and corporate information is protected with end-to-end security extending to users, devices, applications, content, data, and networks. AirWatch Mobile Device Management (MDM) enables customers to enroll devices in their enterprise environment quickly, configure and update device settings over-the-air, and secure mobile devices Airwatch Mobile Content Management enables secure mobile access to content anytime, anywhere through a Secure Content Locker that protects sensitive content and provides users with a central application to securely access the latest content from their mobile devices. AirWatch Mobile Application Management (MAM) allows users to manage internal, public and purchased apps across corporate-owned, corporate-shared and employee-owned devices from one central console. Key Employees Alan Dabbiere, Chairman John Marshall, Chief Executive Officer David Dabbiere, Chief Operating Officer Jeff Horing, Board Member Key Investors Insight Venture Partners Accel Partners Page 64 December 18, 2013

64 AlertLogic Company Description Alert Logic, a leading provider of Security-as-a-Service solutions for the cloud, provides solutions to secure the application and infrastructure stack. Alert Logic solutions include day-to-day management of security infrastructure, security experts translating complex data into actionable insight, and flexible deployment options to address customer security needs in any computing environment. In August 2013, Welsh, Carson, Anderson & Stowe ( Welsh Carson ), a leading private equity firm, purchased majority shareholder interest in Alert Logic. Selling shareholders include Updata Partners, Covera Ventures, Mercury Fund, OCA Ventures, Access Venture Partners. Key Products Threat Manager is managed intrusion detection and vulnerability scanning service that provides ongoing insights into the threats and vulnerabilities affecting network environments. Log Manager organizes log data that require parsing, detection and examination and provides custom alerting system that notifies customers of suspicious behavior detected in their environment. Cloud Security for Amazon Web Services (AWS). Alert Logic delivers security solutions to Amazon EC2 users that are purpose built for EC2 deployments. Web Security Manager provides two levels of protection: signature-based protection against known attacks and positive protection against unknown attacks by only allowing permitted actions. Web Application Firewall Proven WAF technology (managed Security-as-a-Service WAF) that blocks attacks with negative and positive security features and learning that adapts to your traffic patterns. Key Employees Gray Hall, CEO Paul Marvin, CFO Misha Govshteyn, VP, Emerging Products Rohit Gupta, Vice President of Business Development Key Investors Welsh, Carson, Anderson & Stowe Page 65 December 18, 2013

65 AlienVault Company Description AlienVault s Unified Security Management solution (USM) provides a fast and cost-effective way for organizations with limited security staff and budget to address compliance and threat management needs. With all of the essential security controls built-in, USM puts enterprise-class security visibility within fast and easy reach of smaller security teams who need to do more with less. AlienVault s Open Threat Exchange is an open and collaborative initiative for security professionals to connect with their peers, and learn about the latest threats and defensive tactics from industry experts and security researchers. Key Products AlienVault s Unified Security Management (USM) products provide a way for organizations with limited security staff and budget to address compliance and threat management needs. With all of the essential security controls built-in, and continuous threat intelligence updates from AlienVault Labs, USM provides unparalleled security visibility. Key Employees Julio Casal, Co-Founder Barmak Meftah, President & CEO Roger Thorton, CTO Rita Selvaggi, CMO Key Investors Trident Capital Kleiner Perkins Caufield & Byers GGV Capital Sigma West Adara Venture Partners Top Tier Capital Correlation Ventures Page 66 December 18, 2013

66 Appthority Company Description Appthority provides the industry s first all-in-one App Risk Management service that employs static, dynamic, and behavioral analysis to immediately discover the hidden actions of apps and empower organizations to proactively create and apply custom policies to prevent unwanted app behaviors. Only Appthority combines the largest global database of analyzed public and private apps with advanced policy management tools to automate control over risky app actions and protect corporate data. Key Products App Risk Management Service employs static, dynamic, and behavioral analysis to immediately discover the hidden actions of apps and empower organizations to apply custom policies to prevent unwanted app behaviors. App reputation (Appthority Trust Score), IT administrators can use the Appthority service to build a customized app risk policy and enforce the policy on their MDM (Mobile Device Management) solutions. The cloud-based Appthority Platform is the only solution that is multi-os, supporting Android, Blackberry, and ios apps. Key Employees Paul Stich, CEO Anthony Bettini, CTO Domingo Guerrra, President Key Investors US Venture Partners Venrock Page 67 December 18, 2013

67 Authentify Company Description Authentify provides automated authentication services for many of the largest online business enterprises operating today. The Authentify service enables organizations to quickly and cost-effectively perform real-time, multi-factor user authentication during an internet session. By leveraging the familiarity of the telephone networks, Authentify delivers an effective multi-factor authentication process that is practical for business and easy for end users. Authentify was recently ranked as a visionary by Gartner. Its services enable organizations that need strong security to quickly and cost-effectively add 2-factor or 3-factor authentication layers to user logon, transaction verification or critical changes such as adding a payee to an e-pay or wire account. The company's patented technology employs a service-oriented message architecture and XML API to seamlessly integrate into existing security processes. Authentify markets primarily to financial services firms that need to protect their clients' online accounts, corporate security professionals managing corporate access control, and e-merchants who want to limit fraud on their sites. Key Products Authentify xfa is a cloud-based solution is the only one to offer the strength of digital certificates coupled to a voice biometric delivered in an elegantly simple mobile app. Authentify 2CHK is a transaction authenticator for financial services firms who must protect their customers from man-inthe-middle and man-in-the-browser attacks, 2CHK offers a secure communication channel to their customers via their phones, or a secure second channel to the user's desktop. Authentify's Out-of-Band authentication (OOBA) provides corporations with a cost-effective, user-friendly approach to Identity & Access Management. Key Employees Peter G. Tapling, President & CEO Andrew R. Rolfe, CTO John Zurawski, VP, Marketing Paul Witt, VP, Worldwide Sales Page 68 December 18, 2013

68 BeyondTrust Company Description BeyondTrust is the global leader in privilege authorization management, access control, and security solutions for virtualization and cloud computing environments. BeyondTrust empowers IT governance to strengthen security, improve productivity, drive compliance and reduce expense. The company s products eliminate the risk of intentional, accidental and indirect misuse of privileges on desktops and servers in heterogeneous IT systems. Key Products Context-Aware Security Intelligence gives customers the visibility and controls necessary to reduce their IT security risks, while at the same time simplifying their compliance reporting across their entire IT infrastructure. PowerBroker Virtualization provides a dedicated solution for delegating root tasks and authorization in virtualized datacenter environments without ever disclosing the highly sensitive root password. PowerBroker Endpoint Protection Platform provides multilayered endpoint protection for Windows desktops and servers, in a single, lightweight client that replaces multiple security agents, protecting against known exploits, zero-day, and all other attack vectors. Retina Network Security Scanner. The security industry s most well respected network security scanner. Identifies vulnerabilities introduced via missing patches, misconfigurations and conflicts with industry standard best practices. Key Employees John Mutch, CEO Bryce Hancock, CFO Marc Maiffret, CTO Ken Saunders, Vice President, Corporate Development Key Investors Insight Venture Partners Page 69 December 18, 2013

69 Bit9 Company Description Bit9 is the leader in a new generation of endpoint and server security, based on real-time visibility and protection. Bit9 solution continuously monitors and records all activity on endpoints and servers and stops cyber threats that evade traditional defenses. Security teams use Bit9 s real-time integration with FireEye and Palo Alto Networks to accelerate incident response and ensure all files arriving on endpoints and servers are safe. Bit9 has stopped the most advanced attacks, including Flame, Gauss, and the malware responsible for the RSA breach. 1,000 organizations worldwide from 25 Fortune 100 companies to small businesses use Bit9 to increase security, reduce operational costs, and improve compliance. Key Products Bit9 s Security Platform (formerly Parity) provides the visibility, detection, response, and protection capabilities you need to defend your endpoints and servers against advanced threats and malware. Real-time sensor and recorder provides immediate visibility from a single console into the files, executions, and critical system resources on every machine. Real-time enforcement engines unique detonate-and-deny approach automatically sends every new file that arrives on any endpoint or server and will automatically stop malicious files from running. Bit9 Cloud Services. Bit9 s cloud-based Software Reputation Service constantly crawls the internet looking for software and calculates a trust rating for it based on attributes such as its age, prevalence, publisher, source, results of AV scans, and more. Bit9 also uses threat intelligence feeds from third parties to identify malicious and suspicious files. Key Employees Patrick Morley, President & CEO Gordon Pothier, Chief Financial Officer Harry Sverdlove, CTO Adam Liberman, VP, Engineering Ed Filippine, VP Worldwide Sales Key Investors Atlas Venture Highland Capital Partners Kleiner Perkins Caufield & Byers 406 Ventures Sequoia Capital Page 70 December 18, 2013

70 Blue Coat Systems Company Description Blue Coat Systems is a leading provider of web security and WAN optimization solutions. Blue Coat empowers enterprises to safely and securely choose the best, applications, services, devices, data sources, and content the world has to offer, so they can create, communicate, collaborate, innovate, execute, compete and win in their markets. Blue Coat has a long history of protecting organizations, their data and their employees and is the trusted brand to 15,000 customers worldwide, including 86% of the FORTUNE Global 500. With a robust portfolio of intellectual property anchored by more than 200 patents and patents pending, the company continues to drive innovations that assure business continuity, agility, and governance. Key Products Security and Policy Enforcement Center: Delivers business continuity by protecting against threats and data loss Mobility Empowerment Center: Extends protection and policy to users in any location on any device Trusted Application Center: Enables organizations to safely deploy and consume all types of applications Advanced Threat Protection: See and block advanced threats as they happen, and continuously monitor for hidden threats that bypass your network security defenses. Key Employees Gregory S. Clark, Chief Executive Officer Joe Levy, CTO Biswa Ghosh, VP Engineering Seth Boro, Board of Directors Key Investors Thoma Bravo Page 71 December 18, 2013

71 Bromium Company Description Bromium delivers the benefits of micro-virtualization and hardware based security to enterprise desktops, reducing the enterprise attack surface for all users without the need for new management tools or skill sets. The company s solutions enable an exceptional end-user experience with its protect-first design, isolating threats before they can harm the enterprise. Key Products Bromium vsentry, based on the Bromium Microvisor, protects Windows PCs from undetectable advanced malware that attacks the enterprise through tricking users into opening poisoned attachments, documents and websites. Bromium vsentry technology provides additional features like LAVA, or Live Attack Visualization and Analysis. LAVA automatically generates signatures for new attacks that legacy detection-centric tools can neither identify nor block, helping IT to rapidly achieve defense in depth. Additionally, vsentry includes the Bromium Management Server (BMS), which provides a centralized web service for vsentry policy management, collection of LAVA events from all desktops in the enterprise, and correlation of attack data. Bromium vsentry helps enterprises to secure Windows XP, both 32 and 64 bit versions of Windows 7, and virtual desktops delivered with Microsoft Remote Desktop Services (including Citrix XenDesktop and VMware View). vsentry is licensed per-user, enterprise wide, and priced according to volume. Key Employees Gaurav Banga, Co-founder and CEO Simon Crosby, Co-founder & CTO Ian Pratt, Co-founder & SVP, Products Franklyn Jones, Vice President, Marketing Manish Kalia, Vice President, Product Management Mike McGuinness, Vice President, Sales Key Investors Andreessen Horowitz Ignition Partners Highland Capital Partners Ignition Partners Intel Capital Meritech Capital Partners Page 72 December 18, 2013

72 Centrify Company Description Centrify provides unified identity services across data center, cloud, and mobile resulting in one single login for users and one unified identity infrastructure for IT. Centrify s software and cloud services let organizations securely leverage their existing identity infrastructure to centrally manage authentication, access control, privilege management, policy enforcement and compliance across on-premise and cloud resources. More than 4,500 customers have deployed Centrify across millions of servers, applications, and mobile devices to optimize costs and increase agility and security. Centrify has expanded its portfolio from one product to a suite of software and cloud services that span customers' data center, cloud and mobile environment with comprehensive support for over 400 systems and 1,000+ applications. Key Products Centrify Server Suite Unified control and visibility over onpremise and cloud-based Windows, Linux and UNIX servers, with integrated authentication, access control, privilege management and auditing. Centrify User Suite. Unified management of Mac, mobile, and SaaS applications, enhancing end-user satisfaction with single sign-on and IT efficiency with centralized security and administration. Key Employees Tom Kemp, CEO Paul Moore, CTO Tim Steinkopf, CFO Adam Au, VP of Engineering Gary Taggart, VP of Worldwide Sales Key Investors INVESCO Private Capital Accel Partners Mayfield Fund Sigma Partners Index Ventures Page 73 December 18, 2013

73 Cenzic Company Description Cenzic provides application security testing for enterprise software to Software as a Service, going beyond signaturebased tools to automatically find application vulnerabilities. Cenzic's intelligent behavioral technology is the first to use behavioral, stateful, and learning algorithms to ensure the highest accuracy for automated assessment of even the most complex applications. Today, Cenzic secures more than half a million online applications and trillions of dollars of commerce for Fortune 1000 companies, all major security companies, government agencies, universities and SMB's (small and medium businesses). Key Products Cenzic Enterprise is a software solution that assesses the security of cloud and web applications and supports security risk management throughout the software development lifecycle. Cenzic Desktop is a single-user version of Cenzic Enterprise. It is designed for the power user that wants to run security assessments on cloud and web applications from a single system. Cenzic Managed Cloud, Cenzic s security experts perform full vulnerability testing on cloud and web applications from a webbased dashboard. Cenzic Cloud allows users to test their own cloud and web applications for basic attacks and receive actionable results all within their own web portal no security experts needed. Cenzic Hybrid provides access to both Cenzic Enterprise software and Cenzic Managed Cloud services. Vulnerability testing can be done either by using the software on premise or by leveraging Cenzic s expert security services team. Cenzic Mobile service is delivered as a managed service and is managed from a web-based dashboard where users can request assessments, view results, run reports, analyze trends, and retest applications to verify remediation efforts. Key Employees John Weinschenk, CEO and President Scott Parcel, Chief Technology Officer Glenn Gramling, Vice President of Sales and Business Development Key Investors Advanced Technology Ventures Mohr Davidow Ventures JK&B Capital Hummer Winblad Venture Partners Page 74 December 18, 2013

74 CipherCloud Company Description CipherCloud provides cloud data protection solution with patent pending technology that protects enterprise data inside and outside the cloud with full visibility and control, and without impacting application functionality and backend integration. CipherCloud completely eliminates data residency, privacy, security and regulatory compliance concerns associated with cloud applications, and accelerates cloud adoption in the enterprise. Key Products Advanced AES 256-Bit Encryption. Secures data with the strongest levels of protection that only customers can unlock, while preserving the format and functioning of their applications. Tokenization. Meets strict data residency requirements by substituting randomly generated values for the original data, which never leaves the enterprise. Cloud Data Loss Prevention (DLP) allows customers to enable the cloud while preventing data loss. Cloud Malware Protection. Integrated malware detection that is designed for the cloud with industry-leading detection rates. High-performance scanning engines detect the latest viruses, spyware, network worms, Trojans, bots, rootkits, etc. Key Employees Pravin Kothari, Founder & CEO Mike Kochanik, Vice President, Worldwide Sales Kevin Bocek, Vice President, Marketing Tagore Boyella, Vice President & GM, IDC Varun Badhwar, Founding Vice President of Product Strategy Key Investors Andreessen Horowitz Index Ventures T-Venture Page 75 December 18, 2013

75 Click Security Company Description Click Security is disrupting the network security ecosystem with breakthrough data contextualization, visualization, and analytics encoding required to automatically expose anomalous network activity before exfiltration or damage occurs. The company s focus on real-time analytics offers enterprises, higher education, critical infrastructure, and government agencies a proactive security solution with unrivaled economics, high-speed performance and scalability. Key Products The Stream Processing Engine is the foundation upon which all data collection and security analytic processing is performed. It operates across Data Mining Units (DMUs) and a Module Processing Unit (MPU). The Data Mining Unit (DMU) sits in a network s Layer 3 domain, where log, flow and event telemetry streams can be gathered for intelligent processing. DMUs run Miner Modules that collect raw data feeds from firewalls, IPS's, web proxy servers, etc. and pass those feeds to the MPU. Click Modules are programming objects that receive data from predecessor modules, process that data against a security analytic, and perform an output action ranging from "write results to a downstream click module" to "invoke a specific human or machine action." Miner Modules gather network and security telemetry directly from source devices like firewalls, web proxy servers, intrusion prevention systems, active directory servers and more. Interpreter Modules receive data from Miner Modules and use Click Labs deep application and security domain knowledge to extract maximum value from root telemetry data. The Analyzer Layer is where the majority of analytics processing occurs. Key Employees Marc Willebeek-LeMair, CEO and Founder Kit Webster, CFO Brian Smith, CTO and Founder Key Investors Lightspeed Venture Partners Citi Ventures Sequoia Capital Page 76 December 18, 2013

76 CloudFlare Company Description CloudFlare is a service that does one thing: make websites better. With a single change to DNS, sites are instantly protected from a wide range of online threats, see an increase in page load speeds, and have their content dynamically optimized across the internet. CloudFlare s core service is free. Key Products CloudFlare designed its CDN (Content Delivery Network) without the legacy of the last 15 years. Its proprietary technology takes advantage of recent changes to hardware, web server technology and network routing. CloudFlare users can choose any combination of these web content optimization features that take performance to the next level. CloudFlare security leverages the knowledge of a diverse community of websites to power a new type of security service. Online threats range from nuisances like comment spam and excessive bot crawling to malicious attacks like SQL injection and denial of service (DOS) attacks. CloudFlare provides security protection against all of these types of threats and more to keep your website safe CloudFlare analytics provides insight to users' website traffic that they can t get from other analytics programs. In addition to visitor analytics, users can monitor threats and search engine crawlers. For most websites, these threats and crawlers make up 20% to 50% of traffic. It s traffic every website should understand, but most analytics services ignore. Key Employees Matthew Prince, CEO & Co-Founder Michelle Zatlyn, Co-Founder Lee Holloway, Co-Founder Key Investors Pelion Venture Partners Venrock New Enterprise Associates Page 77 December 18, 2013

77 CrowdStrike Company Description CrowdStrike is a global provider of security technology and services focused on identifying advanced threats and targeted attacks. Using big data technologies, CrowdStrike s cloudbased next-generation threat protection platform leverages execution profiling and predictive security analytics instead of focusing on malware signatures, indicators of compromise, exploits, and vulnerabilities. Key Products The CrowdStrike Falcon Platform enables enterprises to identify unknown malware, detect zero-day threats, pinpoint advanced adversaries and attribution, and prevent damage from targeted attacks in real-time. The core of the Falcon Platform is a global network of host-based detection sensors driven by world-class cyber threat intelligence to provide real-time detection and prevention capabilities to enterprises and governments worldwide. CrowdStrike Falcon Intelligence is the cyber threat intelligence application of the CrowdStrike Falcon Platform. Falcon Intelligence provides strategic, customized, and actionable intelligence that enables organizations to prioritize resources and proactively defend against future attacks. In today s threat environment, adversaries are constantly profiling and attacking your corporate infrastructure to access and collect your intellectual property, proprietary data, and trade secrets. Key Employees Gregg Marston, Co-Founder & CFO Dmitri Alperovitch, Co-Founder & CTO George Kurtz, President & CEO Shawn Henry, President, CrowdStrike Services Inc. Key Investors Warburg Pincus Accel Partners Page 78 December 18, 2013

78 CyberArk Company Description CyberArk provides enterprise security software for protecting network assets and data. Customers use the company's software for tasks such as protecting and sharing documents (Sensitive Document Vault), managing the exchange of data between businesses (Inter-Business Vault), and maintaining and updating administrative passwords (Enterprise Password Vault). Cyber-Ark's clients come from a variety of fields including financial services, health care, manufacturing, and consumer goods. The company also offers professional services such as consulting, support, and training. Key Products CyberArk's Privileged Identity Management (PIM) Suite is an enterprise-proven, policy-based solution that secures, manages and logs all privileged accounts and activities. It can be used by itself, or as a strong complement to CyberArk s Privileged Session Management Suite. CyberArk s Enterprise Password Vault was built from the ground up to ensure the best privileged account management. It provides multiple layers of security and accountability that keeps privileged credentials secure and provides a complete audit trail of access attempts and use. CyberArk s Enterprise Password Vault was built from the ground up to ensure the best privileged account management. It provides multiple layers of security and accountability that keeps privileged credentials secure and provides a complete audit trail of access attempts and use. Key Employees Udi Mokady, President, CEO, and Director Erel N. Margalit, Chairman Chen Bitan, General Manager, Israel Operations Key Investors Vertex Venture Capital JVP Page 79 December 18, 2013

79 Cyvera Company Description Cyvera Ltd. Offers Cyber-defense line of products, designed to prevent computer-systems remote-attacks on Microsoft-based servers and end-points. Shifting security paradigm from Malicious Activity Identification to Exploit Techniques Prevention, Cyvera presents a new perception, which prevents attack vectors that are not covered by existing Security-Suites and Next-generation Firewalls. Cyvera s proven solutions enable any organization, to efficiently protect itself against cyber-attack campaigns, whether mass or targeted, and for the first time, against Zero-Day attacks and risks related to Unpatched computer systems exploitation. Key Products Targeted Remote Attack Prevention System (TRAPS ) is a full, preemptive solution that protects every Windows-based end-point and server in the organization, whether physical or virtual, against remote-attack campaigns in general and software vulnerability exploitation in particular. It further protects against technical implications of social engineering like execution of undesired files. This unique and powerful solution efficiently blocks Advanced Persistent Threat (APT) attacks. It stops the most threatening attack vectors, like Zero-Day attacks, execution of unreliable files from external sources and attacks that are based on known or manipulated exploits. Cyvera offers an exclusive platform to protect proprietary software packages from remote-attack campaigns and software vulnerability exploitation. The Cyvera P3 (Propriatery Programs Protection) is a crucial element in the total protection of critical infrastructures, government entities, financial institutions and a wide variety of important industries, including oil & gas, chemicals, healthcare, telecommunication, and so on. Key Employees Uri Alter, Co-CEO & Founder Netanel Davidi, Co-CEO & Founder Dr. Gal Badishi, Chief Scientist Key Investors Blumberg Capital Battery Ventures Page 80 December 18, 2013

80 Damballa Company Description Damballa discovers active threats that bypass all security prevention layers. Damballa identifies evidence of malicious network traffic in real time, rapidly pinpointing the compromised devices that represent the highest risk to a business. Its solutions leverage Big Data from the industry s broadest data set of consumer and enterprise network traffic, combined with machine learning, to automatically discover and terminate criminal activity, stopping data theft, minimizing business disruption, and reducing the time to response and remediation. Damballa protects any device or OS including PCs, Macs, Unix, ios, Android, and embedded systems. Damballa protects more than 400 million endpoints globally at enterprises in every major market and for the world s largest ISP and telecommunications providers. Key Products Damballa Failsafe pinpoints active threats in customers' networks that bypass all prevention layers, thereby reducing the damage from compromised devices. Damballa Failsafe provides: Protection against unknown, hidden and emerging threats; Network-based protection for any endpoint device or operating system; Actionable intelligence for rapid and prioritized incident response. Damballa CSP is communications-based security for ISP and telco operators, automatically detecting malware infections on subscriber devices. With Damballa CSP, ISP and telecommunications operators can: provide a more secure service offering; provide a differentiated service offering; deploy quickly with an outstanding ROI. Key Employees David Scholtz, CEO Tom Savini Chief Financial Officer Brian Foster, CTO Jennifer Byrne, Vice President of Sales David Fortune, Vice President of Operations Key Investors Paladin Capital Group Sigma Partners Palomar Ventures InterWest Partners Imlay Investments Blumberg Capital GRA Venture Fund Adams Street Partners Page 81 December 18, 2013

81 DocuSign Company Description DocuSign, Inc. is the market leader and global standard for electronic signature. DocuSign provides the world s largest and fastest growing electronic signature platform, empowering businesses to complete transactions online quickly and securely, while improving compliance and reducing costs. DocuSign s cloud computing-based electronic signature platform that entirely replaces slow, expensive paper transactions with a fast, efficient and completely digital solution. Accessible from any internet-connected device, DocuSign supports virtually any document and form type in simple and complex workflows, and provides broad user authentication options, data collection, secure document/data storage and retrieval, as well as real-time negotiation and collaboration tools. Key Products DocuSign esignature transaction management platform is a full esignature Transaction Management Platform with open standards, robust APIs, and enterprise-class security and reliability. DocuSign is being used in 188 countries across the world from the largest multi-national enterprises to small businesses. Data and document security employees AES 256 Bit Encryption and SSL 256 Bit Encryption, anti-tampering tamper seals, and authentication options to protect data integrity. DocuSign-advanced on-demand signature solution ensures a legally-binding, non-repudiable signing process regardless of industry, application, workflow process, or transaction volume. DocuSign for Real Estate. DocuSign is the official and exclusive electronic signature provider to the National Association of REALTORS under the REALTOR Benefits Program. Global user management: Manage users across divisions and across geographies with group activation, bulk-user features, advanced SSO options, and other administration features. Key Employees Keith Krach, Chairman of the Board & CEO Tom Gonser, Founder & Chief Strategy Officer Mike Dinsdale, CFO Matt Malden, Chief Product Officer Key Investors Kleiner Perkins Caufield & Byers Accel Partners Scale Venture Partners Sigma West Ignition Partners SAP Ventures Frazier Technology Ventures Second Century Ventures WestRiver Capital, LLC Google Ventures Page 82 December 18, 2013

82 Entrust Company Description Entrust provides identity-based security solutions that empower enterprises, consumers, citizens, and web sites in more than 5,000 organizations spanning 85 countries. Entrust s software authentication platforms manage today s most secure identity credentials, addressing customer pain points for cloud and mobile security, physical and logical access, citizen eid initiatives, certificate management, and SSL. Key Products The Entrust IdentityGuard software authentication platform provides its strong authentication platform, which enables identity-based security to safeguard access to sensitive information and intellectual property for employees, partners, and customers. Entrust Authority Security Manager enables the use of digital signatures, digital receipts, certificate validation, encryption, and permissions management services across a wide variety of enterprise applications and solutions. Entrust Discovery provides key certificate discovery features to simplify deployment, reduce costs, and automate management for all types of digital certificates and from any vendor. Entrust Entelligence product portfolio is a suite of solutions that delivers multiple security layers, enabling strong authentication, digital signatures and encryption. Entrust GetAccess provides central management access to multiple applications through a single portal, providing users with single sign-on (SSO) to authorized applications and content. Entrust TransactionGuard analyzes all points of interaction with the user on a specific channel, allowing organizations to gain a complete picture of potentially fraudulent behavior. Entrust TruePass provides encryption that makes it possible to protect sensitive information. Entrust Certificate Management Service (CMS) is a self-service application designed to streamline certificate management while providing secure certificates from a recognized brand in online security. Key Employees Bill Conner, President and Chief Executive Officer David Wagner, Senior Vice President, Chief Financial Officer Bill Holtz, Senior Vice President, Chief Operating Officer Robert (Bob) VanKirk, Senior Vice President, Americas Sales & Services Mark Reeves, Senior Vice President, International Sales Key Investors Thoma Bravo Page 83 December 18, 2013

83 ForeScout Technologies Company Description ForeScout s real-time network security platform for access control, mobile security, endpoint compliance and threat prevention empower IT agility while pre-empting risks and eliminating remediation costs. Because the ForeScout CounterACT solution is easy to deploy, unobtrusive, intelligent and scalable, it has been chosen by more than 1,400 of the world s most secure enterprises and military installations for global deployments spanning 37 countries. Key Products ForeScout ControlFabric allows ForeScout CounterACT and other IT security products to exchange information and rapidly respond to a range of enterprise security and operational issues. ControlFabric is based on ForeScout CounterACT, which dynamically identifies and assesses all network users, endpoints and applications, controls network access, directly remediates endpoint security issues, triggers third-party remediation systems. ForeScout CounterACT for Network Access Control integrates with network, security and identity infrastructure to assure the right users and their devices gain appropriate access. ForeScout CounterACT for Endpoint (agentless) Compliance automatically enforces security policies for everyone and everything on the network, which helps minimize security risks. Key Employees Gord Boyce, CEO Christopher Harms, CFO Scott Gordon, CMO Sam Davis, Vice President, Business Development Gil Friedrich, Vice President, Technology Key Investors Pitango Venture Capital ITOCHU Corporation Accel Partners Amadeus Capital Partners Meritech Capital Partners Page 84 December 18, 2013

84 Good Technology Company Description Good Technology provides multi-platform enterprise mobility, security, and management software. Product offerings include those Good for Enterprise, Good for Government, Good for OEM Device Manufacturers/Carriers and Good Dynamics, the first mobile application platform that empowers enterprise developers and ISVs to create secure mobile applications. Good mobile solutions currently operate on over 200 carriers. Major organizations, including 40 of the Fortune 100, currently using Good technology. Key Products The Good Dynamics Secure Mobility Platform integrates application containerization, MAM, an enterprise app store, MDM and more, simplifying the creation of mobile apps and the ongoing management of apps, data, and devices. Good Collaboration Suite: Securely communicate, share and sync documents, and collaborate using the mobile device platforms and form factors you choose. Mobile Device Management: Configure and manage devices over the air and lock down or remote wipe if compromised. Automate device provisioning, policy and configuration assignments, role changes, and device decommissioning. Mobile Application Management: Manage containerized apps and maintain control over corporate information being consumed by your extended enterprise across a growing variety of managed and unmanaged devices. With MAM from Good, you can support the complete mobile app lifecycle. Key Employees Christy Wyatt, President & Chief Executive Officer Ron Fior, Chief Financial Officer Nicko van Someren, CTO Laura Fay, VP, Product Management & Operations Key Investors Blueprint Ventures Draper Fisher Jurvetson eplanet Capital GKM Newport Meritech Capital Partners (MCP) Oak Investment Partners Rustic Canyon Partners Page 85 December 18, 2013

85 Hytrust Company Description HyTrust offers IT managers and administrators of virtual infrastructure a centralized, single point of control for hypervisor configuration, compliance, and access management. By combining best practices, processes, and controls of physical infrastructure security into a comprehensive solution for virtual infrastructure, HyTrust enables virtual infrastructure to achieve the same level of operational readiness as that of existing physical infrastructure. HyTrust delivers the essential real-time control, security, administrative account monitoring, logging and compliance assurance necessary to enable the benefits of cloud adoption and virtualization of critical workloads. Key Products HyTrust Appliance enables enterprises to virtualize mission critical applications and deploy multi-tenant private clouds without taking on large, unacceptable risks. It establishes visibility and accountability, defeats sophisticated attacks, and limits the impact of them. HyTrust has designed controls on controls working in sequence to all but completely eliminate the chances of APTs, hackers, and malicious/compromised/errant insiders. HyTrust provides highly advanced controls, which limit the changes that can take place in the virtual infrastructure. Virtual data center security. HyTrust helps organizations lock down the virtual infrastructure and limit the risk of a data breach. Key Employees John De Santis, CEO and Chairman Eric Chiu, Founder & President & Board Director Mercy Caprara, CFO Jim Gannon, VP, Field Sales & Support Key Investors Trident Capital EPIC Ventures Cisco In-Q-Tel VMware Fortinet Granite Ventures Page 86 December 18, 2013

86 Imprivata Company Description With more than 2 million users and 900 healthcare customers, Imprivata is the No. 1 provider of secure access and collaboration solutions for healthcare. By strengthening user authentication, streamlining application access and simplifying compliance reporting across multiple computing environments, customers realize improved workflows, increased security and compliance with government regulations. Imprivata has received numerous product awards and top review ratings from leading industry publications and analysts, including a Strong Positive rating in Gartner s 2011 Marketscope for ESSO, the No. 1 ranking in the KLAS SSO Performance report and the No. 1 rating in Key Products Imprivata is a leading healthcare IT security company, optimizing clinical workflows, increasing EMR utilization and enhancing care delivery. OneSign provides a complete end-toend solution. Imprivata OneSign authentication Management, an appliancebased solution, can be deployed as a physical or virtual appliance. It provides scalable and high-performance authentication management, whether providers are accessing the network locally or via VPN, or even working offline. All access is managed centrally without requiring changes to user directories such as Active Directory. Imprivata OneSign Single Sign-On makes it possible to establish and enforce strong password policies and significantly reduces credential sharing and enforces secure, compliant employee access to applications, including EMRs, while supporting the auditing and reporting requirements of government regulations. Key Employees David Ting, Founder & CTO Philip J. Scarfo, CEO and co-founder Jeff Kalowski, CFO Omar Hussain, President & CEO Key Investors Polaris Partners General Catalyst Partners Highland Capital Partners Page 87 December 18, 2013

87 Invincea Company Description Invincea provides strong desktop security to companies with Invincea TM Browser Protection and Invincea Document Protection. Invincea delivers the first and only fully virtualized browser and PDF reader solutions that seamlessly run in their own virtual environments separate from the desktop operating system to protect users against all types of web-borne and PDF embedded threats. Originally funded by DARPA to build a prototype virtualized web browsing solution, the patent-pending technology developed jointly with George Mason University s Center for Secure Information Systems has been commercialized under Invincea and is now available to companies to provide the strongest protection against web-borne and PDF embedded threats. Key Products Invincea FreeSpace is endpoint security application that is pushed to all users and a server appliance that provides central management, reporting and threat intelligence capture and feeds. Invincea Management Server gives customers the capabilities they need to centrally manage diverse groups of users, rapidly push updates, and provide detailed reporting on their deployments. Key Employees Dr. Anup Ghosh, Founder & Chief Executive Officer Dana Duffy, Chief Financial Officer Alan Keister, VP Engineering Christopher Smith, Vice President of Worldwide Sales Key Investors Grotech Ventures New Atlantic Ventures Harbert Venture Partners Page 88 December 18, 2013

88 LogRhythm Company Description LogRhythm provides a comprehensive, fully integrated, enterprise-class Log Management, log analysis and event management solution that empowers organizations to comply with regulations, secure their networks and optimize IT operations. By automating the collection, organization, analysis, archival and recovery of all log data, LogRhythm enables enterprises to easily comply with log data retention regulations, while simultaneously gaining valuable, timely and actionable insights into security, availability, performance and audit issues within their infrastructure. LogRhythm solutions are noted for their completeness, useful analytics, ease of use and rapid time to value. LpgRhythm was positioned as a Leader in the 2013 SIEM Magic Quadrant. Key Products LogRhythm for Compliance, Security and Operations. LogRhythm delivers the visibility and insight needed to detect, defend against and respond to increasingly sophisticated cyber threats, efficiently meet compliance requirements and proactively respond to operational challenges. LogRhythm analyzes and manages network, host, file and user activity data in a highly scalable, integrated solution. Its innovative SIEM 2.0 Big Data security analytics platform detects the previously undetectable, delivers powerful forensics and provides the actionable intelligence required to respond rapidly and with precision to even the most advanced and stealthy cyber threats. Additionally, LogRhythm s solutions are used to ensure compliance with of mandates such as PCI DSS, NERC CIP, GLBA, FISMA, HIPAA, SOX and G. Key Employees Andy Grolnick, President & CEO Mark Vellequette, Chief Financial Officer Phillip Villella, Chief Scientist & Founder Key Investors High Country Venture Access Venture Partners Adams Street Partners Croghan Investments Grotech Ventures Siemens Venture Capital Page 89 December 18, 2013

89 Lookout Mobile Company Description Lookout builds security software that protects people, businesses and networks from mobile threats. With the world s largest mobile threat dataset and the power of 45 million devices, Lookout proactively prevents fraud, protects data, and defends privacy. Lookout secures the mobile experience for people everywhere through Lookout Mobile Security, a consumer app, and Lookout for Business, a cloud-based business offering for device security and management. Lookout was selected as a 2013 World Economic Forum Technology Pioneer and has offices in San Francisco and London. Key Products Lookout Platform protects customers, products, devices, and networks from constantly evolving threats, investigate threat intelligence and attribution data, analyze application behavior and network usage, and gain insight. Lookout Security & Antivirus offers essential protection to phones and tablets against malware, viruses, loss and theft. Lookout for Business, is a cloud-based business offering for device security and management. Key Employees John Hering, Founder and CEO Adriel Lares, Chief Financial Officer Kevin Mahaffey, Founder and Chief Technology Officer James Burgess, Co-Founder and CIO Joseph Ansanelli, Chairman of the Board/Investor Key Investors Andreessen Horowitz Accel Partners Index Ventures Khosla Ventures Trilogy Equity Partners Deutsche Telekom, Orange Qualcomm Incorporated Greylock Partners Mithril Capital Management Page 90 December 18, 2013

90 Mandiant Company Description Mandiant is a leading provider of incident response and computer forensics solutions and services. The company provides products, professional services and education to Fortune 500 companies, financial institutions, government agencies, domestic and foreign police departments, and leading US law firms. Mandiant comprises one of the industry s largest incident response and forensics forces. Mandiant security consultants and engineers hold top government security clearances and certifications and advanced degrees from some of the most prestigious computer science universities. Key Products The Mandiant Platform equips security-conscious organizations to confidently and rapidly detect, analyze, and resolve security incidents before they impact their business. Mandiant Managed Defense brings together all of the experts, experience and technology required to find attackers at any stage of an attack and respond aggressively before they complete their mission. Mandiant Intelligence Center is a subscription-based product that provides access to information, tools and contextual analysis about the tactics, intent, and behavioral patterns of advanced threat groups. Key Employees Kevin Mandia, CEO, Board of Directors Mel Wesley, Chief Financial Officer Travis Reese, President and COO Jeff Scheel, VP, Business Development Key Investors One Equity Partners Kleiner Perkins Caufield & Byers Page 91 December 18, 2013

91 MobileIron Company Description MobileIron provides organizations with a security and management platform for mobile apps, content, and devices to embrace mobility as their primary IT platform. MobileIron s mission is to enable global companies to become Mobile First organizations, embracing mobility as their primary IT platform in order to transform their businesses and increase their competitiveness. Key Products MobileIron solutions provide end-to-end security and management for apps, docs, and devices The MobileIron Advanced Mobile Management platform allows customers to manage devices from a central web-based console, configure devices, set policies for encryption and lockdown, enforce passwords, remotely lock and wipe devices, and allow end-user self-service for their devices. Docs Bundle includes both MobileIron Advanced Mobile Management and Docs@Work builds upon MobileIron MDM foundation to enable secure mobile access to corporate web content including Enterprise attachments and documents stored in SharePoint environments. Apps Bundle includes Apps@Work and Advanced Mobile Management provides a complete solution for enterprise mobile apps, securing both the app data on the device through AppConnect functionality, and data in motion, by leveraging AppTunnel. MobileIron Web Bundle contains MobileIron Advanced Mobile Management and Web@Work enables secure web browsing, allowing employees secure access to content presented on the corporate intranet, as well as mobile web applications. Key Employees Bob Tinker, President and Chief Executive Officer Ajay Mishra, Co-Founder and Chief Customer Officer Jim Buckley, Chief Financial Officer Suresh Batchu, Chief Technology Officer, Jeff Ratzlaff, Vice President of Business Development Key Investors Foundation Capital Institutional Venture Partners (IVP) NorthGate Norwest Venture Partners Sequoia Capital Storm Ventures Big Basin Partners Page 92 December 18, 2013

92 Okta Company Description Okta is an enterprise-grade identity management service, built from the ground up in the cloud and designed to address the challenges of a cloud, mobile, and interconnected business world. Okta integrates with existing directories and identity systems, as well as thousands of on-premises, cloud-based and mobile applications, to enable IT to securely manage access anywhere, anytime and from any device. More than 200 enterprises, including Allergan, BMC Software, Clorox, LinkedIn, T.D. Williamson, and SAP, use Okta to increase security and employee productivity, as well as lower IT costs and improve compliance. The hundreds of enterprises, thousands of cloud application vendors, and millions of people using Okta today also form the foundation for the industry s first Enterprise Identity Network. Key Products Single Sign-On: Okta provides a comprehensive but flexible Single Sign-On solution that spans all web applications; whether they are in the cloud or behind the firewall. Automated User Management: Okta provides comprehensive user management offering capability that spans mass user import and provisioning, deprovisioning, and user data and password synchronization. Okta Cloud Directory gives IT the ability to store different user attributes in Okta and across other cloud applications like Workday, Box, and Jive and on-premises solutions like Microsoft Active Directory. Multifactor Authentication: Okta provides secure, flexible multifactor authentication natively as part of its core identity and access management service. Key Employees Todd McKinnon, CEO & Co-Founder Bill Losch, Chief Financial Officer Eric Berg, Vice President, Products Perry Germain, Vice President, Sales Key Investors Andreessen Horowitz Greylock Partners Khosla Ventures Sequoia Capital Floodgate Page 93 December 18, 2013

93 PerspecSys Company Description PerspecSys provides privacy, residency and security solutions for the cloud. PerspecSys gives organizations the ability to understand how employees are using cloud applications and then take the steps necessary to protect sensitive information before it leaves their network while uniquely not impeding the cloud functionality. By removing the technical, legal, and financial risks of placing sensitive data in the cloud, PerspecSys makes the public cloud private. Key Products PerspecSys Cloud Protection Gateway (can be deployed as a hosted or managed solution (via partners such as Amazon or Fujitsu)) solutions permit cloud applications to be easily adopted throughout the enterprise. The AppProtex Cloud Data Control Gateway is a software solution that delivers critical data privacy and security capabilities to users of public cloud applications. AppProtex Discover gives you access to rich, detailed information on how applications are being used within your enterprise. AppProtex Analyze enables you to evaluate cloud usage patterns and detect behavior that could represent operational, legal, or compliance-related risk to the enterprise AppProtex Protect allows enterprises to secure sensitive data fields via tokenization or encryption (FIPS 140-2) techniques. Key Employees David Canellos, President and CEO Edward Dean, Chief Architect Tracy Wainman Vice President, Finance Gerry Grealish, Vice President, Marketing & Products John Emerson, VP Sales Key Investors Intel Capital Paladin Capital Group Ascent Venture Partners Page 94 December 18, 2013

94 Ping Identity Company Description Ping Identity's identity and access management platform gives enterprise customers and employees one-click access to any application from any device. Ping Identity believes secure professional and personal identities underlie human progress in a connected world. Its identity and access management platform gives enterprise customers and employees one-click access to any application from any device. More than 1,000 companies, including half of the Fortune 100, rely on its products to make the digital world a better experience for hundreds of millions of people. Key Products PingOne offers secure single sign-on from any device and gives IT one dashboard to manage user access for all applications. PingFederate is a lightweight and powerful identity bridge that delivers a comprehensive identity management solution for federated access to applications using existing identity infrastructure. PingAccess (Web Access Management) provides access for users, apps, and devices by combining traditional web access management with mobile and API access management Key Employees Andre Durand, Founder, Chairman, CEO Michael J. Sullivan, CFO Patrick Harding, CTO Key Investors Triangle Peak Partners Appian Ventures Draper Fisher Jurvetson (DFJ) General Catalyst Partners SAP Ventures Volition Capital W Capital Partners Page 95 December 18, 2013

95 Rapid7 Company Description Rapid7 s IT security solutions deliver visibility and insight that help customers make informed decisions, create credible action plans, and monitor progress. The company's security solutions deliver visibility and insight that help customers accurately assess defenses, make informed decisions, create credible action plans, and monitor ongoing progress. The company simplifies security compliance and risk management by uniquely combining contextual threat analysis with fast, comprehensive data collection across users, assets, services, and networks, whether on premise, mobile or cloud-based. Rapid7 s simple and innovative solutions are used by more than 2,500 enterprises and government agencies in more than 65 countries, while the company s free products are downloaded more than one million times per year and enhanced by more than 200,000 members of its open source security community. Key Products Nexpose proactively scans your environment for misconfigurations, vulnerabilities, and malware and provides guidance for mitigating risks. Metasploit penetration testing software gives customers a clear view as to what vulnerabilities can easily be exploited within a environment so they can focus on the most critical vulnerabilities. Mobilisafe mobile risk management solution automatically performs a mobile risk assessment of all the devices in organizations and provides easy-to-use tools to eliminate these risks. AppSentinel Application Risk Management: mobile application risk management capability. With AppSentinel, Mobilisafe provides actionable visibility into mobile application risk by building on the existing capabilities with discovery and inventorying of mobile applications. Key Employees Corey E. Thomas, President and CEO Steven Gatoff, Chief Financial Officer Tas Giakouminakis, Co-Founder and Chief Technical Officer Lee Weiner, Senior Vice President of Products Richard Perkett, Vice President of Product Management and Engineering Key Investors Bain Capital Ventures Technology Crossover Ventures Page 96 December 18, 2013

96 RedSeal Networks Company Description RedSeal Networks is the leading provider of network infrastructure security management solutions that continuously provide network visualization and identify critical attack risk and non-compliance in complex security infrastructure. It provides network, security, and risk management teams with a firm understanding of where security is working, where investment is needed, and where greatest cyber-attack risks lie. The world s largest government and commercial organizations use RedSeal security intelligence to build world-class operations that systematically reduce attack risk over time. Key Products RedSeal Platform is a cyber-security intelligence system that is based on proactive end-to-end complex network modeling and analysis. It provides network, security, and risk management teams with a firm understanding of where security is working, where improvement is needed, and where greatest attack risks lie. RedSeal security intelligence enables a range of security processes. Key areas include: Network Operations, Security Investigation, Vulnerability Management, and Security Operations. Key Employees Parveen Jain, President and CEO Dr. Mike Lloyd, CTO Vince McCord, CFO Allan Thompson, EVP of Sales and Business Development Key Investors Venrock Leapfrog Ventures Jafco Ventures Sutter Hill Ventures OVP Venture Partners Page 97 December 18, 2013

97 SafeNet Company Description SafeNet is a leading global provider of data protection. For more than 25 years, Fortune 500 global corporations and government agencies have turned to SafeNet to secure and protect their most valuable data assets and intellectual property. SafeNet s data-centric approach focuses on the protection of high value information throughout its lifecycle, from the data center to the cloud. More than 25,000 customers across commercial enterprises and government agencies trust SafeNet to protect and control access to sensitive data, manage risk, ensure compliance, and secure virtual and cloud environments. SafeNet provides a number of security related tools including encryption technologies, hardware, software, and chips. Some of their customers include UBS, Nokia, Fujitsu, Hitachi, Bank of America, Adobe, Cisco Systems, Microsoft, Samsung, Texas Instruments, the US Departments of Defense and Homeland Security, and the US Internal Revenue Service. SafeNet was acquired by Vector Capital in Key Products SafeNet DataSecure centralizes cryptographic processing, security policy and key management with a range of hardware and hardened virtual appliances. SafeNet Authentication Service delivers fully-automated, highly secure authentication as a service and web SSO allowing organizations to secure access to network and cloud-based applications. SafeNet Encryption solutions enable users to protect and control sensitive data as it expands in volume, type and location, from the data center to virtual environments and the cloud while improving compliance and governance visibility and efficiencies through centralized management and policy enforcement. SafeNet's Software Monetization include Sentinel LDK, Sentinel EMS, Sentinel RMS, and Sentinel Cloud. Key Employees Dave Hansen, CEO Michael Branca, CFO Phil Saunders, EVP Prakash Panjwani, SVP and GM, Data Protection Solutions Tsion Gonen, Chief Strategy and Marketing Officer Key Investors Vector Page 98 December 18, 2013

98 SailPoint Technologies Company Description SailPoint Technologies is an access management (IAM) provider and helps some of the world's largest organizations securely and effectively deliver and manage user access from any device to data and applications residing in the datacenter, on mobile devices, and in the cloud. The company develops identity governance software that integrates role management, access request management, and compliance management solutions that help enterprises to capture control over user access to streamline IT compliance processes and reduce the risks of fraud. Key Products IdentityIQ, which is an identity governance solution that gives enterprises the visibility into and control over user access and streamlines complex processes. IdentityIQ Compliance Manager, which integrates access certification, policy enforcement, and activity monitoring capabilities and automates the auditing, reporting, and management activities. IdentityIQ Role Manager that helps organizations to create, enforce, and verify role-based access in enterprise applications. IdentityNow delivers an integrated suite of IAM services, including SSO, password management, access certification, provisioning, and analytics, all with the benefits of SaaS delivery. Key Employees Mark McClain, CEO Cam McMartin, CFO Darran Rolls, CTO Kevin Cunningham. President Key Investors Austin Ventures Lightspeed Venture Partners Origin Ventures Silverton Partners Page 99 December 18, 2013

99 Skybox Security Company Description Skybox Security provides risk analytics for enterprise security management. Skybox Security serves an international customer base of Global 2000 enterprises and large government agencies that rely on Skybox Security solutions to prevent cyber threats, reduce risk exposure, and demonstrate network compliance with regulations. Skybox Security solutions are used in the most demanding network environments in the world -- including medium to large organizations in financial services, telecommunications, retail, government, energy and utilities, and defense. Key Products Skybox View Enterprise Suite: Provides risk analytics that gives continuous intelligence about vulnerabilities and network security risks, with no network disruption. Skybox solutions automate the complex security management processes needed to maintain security controls and eliminate attack vectors, filtering out irrelevant data and delivering accurate results in a fraction of the security management time. Skybox Firewall Assurance - Audit and Analyze Firewalls Skybox Network Assurance - Verify Network Compliance Skybox Risk Control - Next-Gen Vulnerability Management Key Employees Gidi Cohen, CEO, Founder Lior Barak, CFO Amnon Lotem, Chief Technology Officer Paul Farr, Vice President, Business Development Michelle Johnson Cobb, VP Marketing and Business Development Key Investors Rembrandt Venture Partners Lightspeed Venture Partners Benchmark Carmel Ventures Mitsubishi UFJ Capital Valley Venture Capital Susquehanna Growth Equity Page 100 December 18, 2013

100 Skyhigh Networks Company Description Skyhigh uses fine grain controls to discover, analyze, and control the cloud services that a customer s employee uses. It sees the cloud services that customers use and all the associated security issues associated with it. It analyzes the services to find the abnormalities and ways the company can save costs on subscriptions. It also adds an element of control by enforcing IT policies. It has a registry of 2,600 services with 500 added every six weeks. For each service the company creates an independent score across 30 criteria. For the analysis, the company has a Hadoop infrastructure. For the control, the company has a reverse proxy and associated services it runs through its data centers. Key Products Skyhigh Cloud Access Security Manager addresses the entire cloud management lifecycle from discovery to analysis to data security and enables enterprises to embrace cloud services with appropriate levels of security and governance, while lowering overall risk and cost. Skyhigh CloudTrend highlights the usage of specific cloud services over time. IT can pivot across multiple facets, identify high-impact services that reach a tipping point and make them widely available to all employees. Skyhigh CloudFlow Encryption applies standards-based encryption to structured and unstructured data, while maintaining end-user functionality such as sort, search, and format. By maintaining control of encryption keys, companies can minimize exposure to breaches and third-party disclosures. Skyhigh CloudDLP enforces DLP policies inline and offline via alerting, blocking, or encryption to prevent data loss to cloud services. Skyhigh CloudRegistry delivers a comprehensive registry of thousands of cloud services, including services uncategorized by firewalls. Skyhigh classifies each service into 30+ categories and provides detailed information across 50+ attributes. Key Employees Rajiv Gupta, Founder and CEO Danielle Murcray, Chief Financial Officer Sekhar Sarukkai, Co-Founder and VP of Engineering Kaushik Narayan, Co-Founder and Chief Architect Asheem Chandna, Founding Investor and Board of Directors Key Investors Sequoia Capital Greylock Partners Page 101 December 18, 2013

101 Symplified Company Description Symplified is a leader in Identity-as-a-Service for the hybrid cloud. The company simplifies user access to applications, provides visibility and control over usage, and helps meet security and compliance requirements. Symplified delivers single sign-on, identity and access management, directory integration, centralized provisioning, strong authentication, mobile device support and flexible deployment options. Symplified allows convenient access to any cloud or onpremises application through a unified, customizable SSO portal and delivers a single-tenant identity control point, with no need to replicate sensitive user data to a third party, no side-door access to cloud applications, and an enterprise-wide audit trail. Key Products Symplified provides single sign-on (SSO), identity and access management (IAM), directory integration, centralized provisioning, strong authentication, mobile device support, and flexible deployment options Symplified Management Console allows administrators to manage and enforce access control policies based on roles and attributes defined in user directories. An organization can integrate multiple instances of Active Directory, LDAP, Google, Workday, or any other repository, without complex, expensive data consolidations. Symplified Identity Router may be deployed either behind the firewall, in the cloud, or as a hybrid spanning both public and private clouds, allowing organizations to meet their unique requirements and to future-proof their identity infrastructure. Key Employees Shayne Higdon, President and CEO Darren Platt. Founder and CTO Brian Czarny, VP Marketing Randy Streu, VP Business Development Key Investors Allegis Capital Granite Ventures Ignition Partners Page 102 December 18, 2013

102 Tenable Network Security Company Description Tenable offers a complete platform for vulnerability management, attack detection and mitigation, compliance monitoring, and IT risk management. Tenable Network Security is relied upon by more than 20,000 organizations, including the entire US Department of Defense and many of the world s largest companies and governments, to stay ahead of emerging vulnerabilities, threats, and compliance-related risks. Its Nessus and SecurityCenter solutions continue to set the standard for identifying vulnerabilities, preventing attacks and complying with a multitude of regulatory requirements. Key Products Tenable SecurityCenter provides a unified console for managing distributed Nessus scans for enterprise-wide security and compliance visibility. Nessus Perimeter Service brings Nessus performance, coverage, and accuracy to an unlimited number of internetfacing devices and provides PCI ASV validation. The Tenable Passive Vulnerability Scanner (PVS) is the only continuous vulnerability scanner, essential in discovering risks from mobile and virtual devices and risks of cloud-based applications. Key Employees Ron Gula, Chief Executive Officer and Chief Technical Officer Jack Huffard, President and Chief Operating Officer Marcus J. Ranum, Chief Security Officer Key Investors Accel Partners Page 103 December 18, 2013

103 ThreatMetrix Company Description ThreatMetrix is a provider of integrated cybercrime prevention solutions. The ThreatMetrix Cybercrime Defender Platform helps companies protect customer data and secure transactions against payment fraud, malware, account takeover, fraudulent new registrations, data breaches, as well as man-in-the browser (MitB) and Trojan attacks. ThreatMetrix cybersecurity solutions protect more than 1,500 customers and 8,500 websites across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government, and insurance. Key Products The TrustDefender Cybercrime Protection Platform combines comprehensive data collection, behavioral analytics, and the ThreatMetrix Global Trust Intelligence Network into a risk-based security and fraud prevention solution. The platform provides: Comprehensive data collection across web, client and mobile devices; Sophisticated real-time risk scoring, with built-in security expertise; and Real-time insight from the ThreatMetrix Global Trust Intelligence Network containing the collective knowledge of billions of past transactions, across thousands of businesses. TrustDefender ID, which is cloud-based, real-time device identification. Global Trust Intelligence Network. ThreatMetrix profiles tens of millions of users and their devices every day and processes hundreds of millions of transactions every month to obtain the most accurate security and fraud prevention capability available. Key Employees Reed Taussig, President and CEO & Board of Director Frank Tereul, Chief Financial Officer Phil Steffora, Vice President of Global Networks and Chief Security Officer Key Investors CM Capital Investments Technology Venture Partners Tenaya Capital US Venture Partners August Capital Page 104 December 18, 2013

104 ThreatTrack Security Company Description ThreatTrack Security specializes in helping organizations identify and stop Advanced Persistent Threats (APTs), targeted attacks and other sophisticated malware that are designed to evade the traditional cyber-defenses deployed by enterprises, and small and medium-sized businesses (SMBs) around the world. The company develops advanced cybersecurity solutions that analyze, detect, and remediate the latest malicious threats, including its ThreatAnalyzer malware behavioral analysis sandbox, VIPRE business and consumer antivirus software, and ThreatIQ real-time threat intelligence service. Key Products VIPRE Internet Security 2014 antivirus software that includes a firewall, spam filter, and bad website blocking into one powerful package of internet security solutions for complete protection against malware. VIPRE Mobile Security protects smartphones or tablets from more than 10,000 known Android viruses. ThreatTrack Security's ThreatAnalyzer (formerly GFI SandBox software) protects against Advanced Persistent Threats (APTs), Zero-days, and custom-targeted attacks. ThreatAnalyzer does malware analysis and delivers detailed analysis of more types of malware from more virtual and native applications. Key Employees Julian W. Watts, Sr., President and CEO Stewart D. Curley, CFO Dipto Chakravarty, EVP of Engineering and Products Key Investors Bessemer Page 105 December 18, 2013

105 Varonis Company Description Varonis provides an innovative software platform that allows enterprises to map, analyze, manage, and migrate their unstructured data. Varonis specializes in human-generated data, a type of unstructured data that includes an enterprise's spreadsheets, word processing documents, presentations, audio files, video files, s, text messages, and any other data created by employees. IT and business personnel deploy Varonis software for a variety of use cases, including data governance, data security, archiving, file synchronization, enhanced mobile data accessibility, and information collaboration. As of September 30, 2013, Varonis had more than 2,100 customers, spanning leading firms in the financial services, public, consumer and retail, technology, healthcare, media & entertainment, energy & utilities, education, and industrial sectors. Varonis solutions give organizations total visibility and control over their data, ensuring that only the right users have access to the right data at all times and reduces risk and increases productivity by automating time-consuming data management and protection tasks and extract valuable insights from humangenerated data. Key Products Varonis Data Governance Suite helps organizations manage and protect their unstructured and semi structured data the documents, spreadsheets, presentations, media files and other business data in file servers, NAS devices, SharePoint and Exchange. Varonis DatAdvantage builds a complete picture of who can and who is accessing data, and who should have their access revoked. With the Varonis Data Classification Framework, identifies folders with excessive permissions that contain quantities of sensitive data. Key Employees Yaki Faitelson, CEO, President, and Co-Founder Gili Iohan, CFO Ohad Korkus, EVP of Engineering, CTO, and Co-Founder Jim O'Boyle, Sr., Vice President of Worldwide Sales Key Investors Accel Partners Evergreen Venture Partners Pitango Venture Capital EMC Page 106 December 18, 2013

106 Vaultive Company Description Vaultive s cloud data encryption solutions empower organizations to realize the cost savings, enhanced productivity, and operational efficiencies of cloud computing, while maintaining the data security, control, and compliance advantages of on-premise computing. Vaultive enables this through the deployment of patent-pending data-in-use encryption technology that eliminates the data security, privacy, residency and regulatory compliance concerns associated with cloud deployment. The company s core technology enables encrypted data to be searched, indexed, sorted and otherwise processed within a cloud application without first having to be decrypted. Vaultive also enables a customer to encrypt data-atrest within the cloud environment, while enterprise IT retains control of the encryption keys. Key Products Vaultive for Exchange/Office 365: Protects Exchange/Office 365 data including s, calendar, and tasks, across the data lifecycle: in transit, at rest and in use. Vaultive for Dynamics CRM Online: Persistently encrypts Dynamics CRM Online data, and ensure that the data is never processed in the clear at the service provider. Vaultive for Yammer: Retain direct ownership and control of corporate data stored and processed in the Yammer cloud. Vaultive for Box Enterprise: Extend your organization s boundary of control to the Box cloud, with a secure and managed collaboration environment. Vaultive Platform for SaaS: Secure and protect data in almost any cloud-based service, including custom software. Key Employees Elad Yoran, Chairman and CEO BOD Ben Matzkel, Co-Founder and CSO BOD Maayan Tal, Co-Founder and CTO Yael Nishry, Director of Business Development Key Investors.406 Ventures New Science Ventures Harmony Partners Security Growth Partners Page 107 December 18, 2013

107 Veracode Company Description Veracode provides cloud-based application intelligence and security verification services. The Veracode platform solution improves the security of internally developed, purchased or outsourced software applications, and third-party components by enabling scalable, policy-driven application risk management programs that help identify and eradicate numerous vulnerabilities for all applications no matter how they are deployed, via the web, mobile, or in the cloud. Veracode works with customers in more than 80 countries worldwide representing Global 2000 brands. Key Products Veracode s automated web application vulnerability scanning empowers companies to identify and remediate security issues in their running web applications before hackers can exploit them. Veracode Mobile application scanning supports ios, Android, Blackberry, and Windows Mobile. Veracode DynamicMP examines one application, one source, and one vulnerability at a time. Veracode DynamicMP combines the power of automated web application vulnerability scanning with the benefits of elastic computing in the cloud to provide a massively scalable, inexpensive vulnerability detection service. Veracode Analytics is a intelligence service for users to better understand the threat space their application portfolio faces. Veracode Policy Manager provides CISOs with a dashboard that offers a centralized view of their portfolio of internal and third-party applications with details on how each application is performing from a security policy perspective. Key Employees Bob Brennan, CEO Ed Goldfinger, CFO Christien Rioux, Co-Founder and Chief Scientist Chris Wysopal, Co-Founder, CTO & Chief Information Security Officer Key Investors Polaris Partners Atlas Venture.406 Ventures Symantec Rovi Corporation In-Q-Tel Meritech Capital Partners StarVest Partners Page 108 December 18, 2013

108 Voltage Security Company Description Voltage Security provides data-centric security and stateless key management solutions to combat new security threats and address compliance by protecting structured and unstructured data as it is used across data centers, public and private clouds, and mobile devices. Voltage solutions are in use at almost 1,000 enterprise customers, including some of the world s leading brand-name companies in payments, banking, retail, insurance, energy, healthcare and government such as ING, Kaiser Permanente, Kodak, Wells Fargo, and Heartland Payment Systems. Key Products Voltage SecureData Enterprise provides encryption, tokenization, data masking, and key management for securing data as it is captured, processed, and stored across databases, applications, data warehouses, and cloud environments. Voltage SecureData Payments provides complete point-to-point encryption (P2PE) and tokenization for retail payment transactions, enabling PCI scope reduction without the massive IT disruptions traditionally associated with encryption. Voltage SecureData Web provides end-to-end encryption and tokenization for e-commerce and other web-based transaction systems, reducing risk and PCI scope, while preserving user experience. Voltage Secur provides policy-based, end-to-end encryption for and mobile messaging, offering internal, external, and cloud-based deployment models. Voltage Cloud Services provides cloud scale encryption for and document encryption between businesses, partners, and their customers. Key Employees Sathvik Krishnamurthy, President and CEO] Lisa A. Viso, Chief Financial Officer Terence Spies, Chief Technology Officer Key Investors Menlo Ventures Hummer Winblad Venture Partners Siemens Venture Capital Jafco Ventures Morgenthaler Ventures Trident Capital Cipio Partners Page 109 December 18, 2013

109 Vormetric Company Description Vormetric is the leader in enterprise encryption and key management for corporations. Vormetric allows corporations to encrypt ALL DATABASE (all versions) and ALL files across the Enterprise. Vormetric s provide very tight access controls to ensure only authorized users and applications can have access to the data. Vormetric claims more than 1,100 customers, including 17 companies of the Fortune 25. Key Products Vormetric Encryption allows enterprises to encrypt sensitive data on servers, control access to the encrypted data, and then report on who is accessing that data. Vormetric Encryption supports all of the major platforms Linux, Unix, Windows and can be used in physical, virtual, and cloud environments. Vormetric Key Management Controls and manages keys used with Transparent Data Encryption (TDE) for both Oracle database and Microsoft SQL Server database as well as providing secure storage for those keys. Vormetric Vault Provides a simple, secure data protection solution to the problem of managing certificates, and protecting encryption keys as well as other security objects with expiration alerts, reports, secure storage, and inventory Security Intelligence Security Information and Event Management (SIEM) compatible log formats capture all access to data and to the Vormetric Data Security environment, providing high value, real-time security intelligence to identify compromised accounts and malicious insiders. Key Employees Alan Kessler, President and CEO Greg Paulsen, CFO and VP of Finance Bruce Johnson, VP, Sales Operations and Business Development Ashvin Kamaraju, VP Product Development and Partner Management Key Investors Vanguard Ventures JK&B Capital Sigma Partners Quicksilver Ventures Split Rock Partners Page 110 December 18, 2013

110 WatchDox Company Description WatchDox enables organizations to access, share, and control their critical documents wherever they go: on any tablet, smartphone, or PC, even those beyond the IT department s control. Available as SaaS or on premise, the WatchDox document-centric security platform allows organizations to collaborate with partners, adopt bring-your-own-device (BYOD) initiatives, and control or wipe their documents remotely, all while providing their users a superior experience across every device. Key Products WatchDox enterprise file sharing solution delivers control and tracking of all files, on any device, even post-download and when sent to external collaborators. WatchDox also tracks document use for compliance and visibility. The platform integrates with SharePoint and other enterprise applications via comprehensive APIs. Key Employees Moti Rafalin, CEO, Co-Founder Adi Ruppin, CTO Ryan Kalember, Chief Product Officer Noam Livnat, VP Customer Success, Co-Founder & BOD Key Investors Gemini Israel ventures Shlomo Kramer Shasta Ventures The Blackstone Group Millennium Technology Value Partners The Blackstone Group Page 111 December 18, 2013

111 WhiteHat Security Company Description WhiteHat Security is a leading provider of website risk management solutions that protect critical data, ensure compliance and narrow the window of risk. WhiteHat Sentinel, the company s flagship product family, is the most accurate, complete and cost-effective website vulnerability management solution available. It delivers the visibility, flexibility, and control that organizations need to prevent web attacks. Furthermore, WhiteHat Sentinel enables automated mitigation of website vulnerabilities via integration with web application firewalls. Key Products WhiteHat Sentinel: Inventories and profiles the application assessing and addressing the risks; secure applications and dynamically keeps them safe moving forward, enables customers to address security issues in all new applications from the ground up, and throughout the SDLC. WhiteHat Sentinel service delivers scalable and affordable enterprise application security platform, accelerating the identification and remediation of web application security vulnerabilities. Sentinel Source directly assesses source code during development to uncover difficult-to-detect vulnerabilities in production, enabling remediation earlier in the development cycle. Sentinel PL strengthens web application security at launch by assessing web applications and providing remediation guidance in pre-production and staging environments. Key Employees Stephanie Fohn, CEO Jeremiah Grossman, CTO Bill Pennington, Chief Strategy Officer Key Investors Altos Ventures Horizon Ventures Altos Ventures Garage Technology Ventures Startup Capital Ventures Investor Growth Capital JMI Equity Page 112 December 18, 2013

112 zscaler Company Description Zscaler enforces business policy, mitigates risk and provides twice the functionality at a fraction of the cost of current solutions, utilizing a multi-tenant, globally-deployed infrastructure. Zscaler s integrated, cloud-delivered security services include web security, mobile security, security, and DLP. Zscaler services enable organizations to provide the right access to the right users, from any place and on any device all while empowering the end-user with a rich Internet experience. Key Products Direct-to-Cloud Network enables IT organizations to replace many different point security products with a single cloud security solution to deliver: Advanced Persistent Threat Protection: Protect users accessing the internet from any location, on any device. Application Control: Effectively leverage the benefits of cloud applications and social media, while reducing web, , and mobile security data risks. Data Protection: Perform full inspection of all internet traffic leaving the organization, with near-zero latency. Bandwidth Control: Allocate bandwidth to business-critical applications and manage usage. Key Employees Jay Chaudhry, Founder and Chief Executive Officer Lane Bess, Chief Operating Officer K. Kailash, Chief Architect and Founder Dr. Amit Sinha, Chief Technology Officer Dr. Manoj Apte, Senior Vice President of Product Management Key Investors Lightspeed Venture Partners Page 113 December 18, 2013

113 Other Private Security Companies Exhibit 23. Select Private Security Companies Name Segment Description 21CT Investigative Analytics 21CT provides investigative analytics and pattern detection solutions Actiance Social Media Compliance Actiance is a leader in communication, collaboration, and social media governance for the enterprise Accellion Secure File Transfer Accellion provides enterprise class mobile productivity solutions to enable secure, anytime, anywhere access to information while ensuring enterprise security and compliance. Agiliance Airwatch AlertLogic Alien Vault Appthority Authentify Avepoint Beyond Security BeyondTrust Software GRC Enterprise Mobility Unified Security Management Unified Security Management Mobile Application Security Identity and Access Management Collaboration Governance and Compliance Vulnerability Management Vulnerability Management Agiliance is a leading independent provider of Integrated Risk Management solutions for Governance, Risk, and Compliance (GRC) programs. AirWatch is a leader in enterprise grade mobile device management, mobile application management, and mobile content management solutions Alert Logic solutions include day to day management of security infrastructure, security experts translating complex data into actionable insight, and flexible deployment options to address customer security needs in any computing environment AlienVault s USM platform has significantly reduced the cost and complexity related to buying and deploying all of the essential security controls required for comprehensive security visibility Appthority provides an all in one App Risk Management service to discover the hidden actions of apps and empower organizations to apply custom policies to prevent unwanted app behaviors Authentify offers flexible Out of Band Authentication (OOBA) services for strengthening the security of account access or verifying legitimate account activity AvePoint is a leader in enterprise class big data management, governance, and compliance software solutions for next generation social collaboration platforms Beyond Security develops tools that test networks, software, and web applications for security weaknesses BeyondTrust provides information security management, vulnerability management and assessment, and data security solutions Bit9 Bluebox BlueCat Networks Source: BMO Capital Markets Real time visibility and protection Mobile Security Mobile Security Bit9 is the leader in a new generation of endpoint and server security based on real time visibility and malware protection Bluebox Security secures company data as it interacts with employee mobile devices & services BlueCat provides IP Address Management (IPAM) solutions to help organizations manage their networks and devices Page 114 December 18, 2013

114 Exhibit 24. Select Private Security Companies Name Segment Description Blue Coat Network Security Blue Coat empowers enterprises to safely and quickly choose the best applications, services, devices, data sources, and content Bromium Catbird Networks Centrify Bromium provides protection at the endpoint with vsentry by automatically Endpoint Security creates hardware isolated micro VMs that secure every user task Catbird provides software defined security for virtualized data centers, Virtualization delivering visibility and control to IT with continuous compliance monitoring Security and policy enforcement Identity and Centrify provides Unified Identity Services across data center, cloud and Access mobile resulting in one single login for users and one unified identity Management infrastructure for IT Cenzic CipherCloud Web Application Security Cloud data protection Cenzic provides application security to continuously assess cloud, mobile and web vulnerabilities CipherCloud delivers an open platform with comprehensive security controls including encryption, tokenization, cloud data loss prevention, cloud malware detection, and activity monitoring filtering and Clearswift provides adaptive cyber solutions that enable their organizations to Clearswift web gateway secure business critical data from internal and external threats Click Secuity Network Security Click Security automates the investigation, collaboration, and lockdown of all network activity CloudFlare Web protection CloudFlare protects and accelerates any website online CloudAccess Cloud Security CloudAccess provides comprehensive security as a service from the cloud including SIEM, Access Management, Identity Management, Log Management, Single Sign On, and Web SSO CloudLock Data protection CloudLock is the cloud data security company that enables control of data CloudPassage Cloud Security CloudPassage provides server security products purpose built for dynamic public and hybrid cloud hosting environments Core Security Predictive Security Intelligence Core Security provides audit, penetration testing, and software products and services Commodo Trust Services Comodo providing computer software and SSL digital certificates Courion Identity and Access Management Courion provides identity and access management (IAM), access governance, provisioning, and compliance solutions ContentRaven Source: BMO Capital Markets Content Security Content Raven provides content distribution and content control through the cloud to mobile and other devices with a focus on rich media Page 115 December 18, 2013

115 Exhibit 25. Select Private Security Companies Name Segment Description Security Critial Watch's ACI Platform is a next generation technology that combines Critical Watch Intelligence comprehensive intelligence with active mitigation CrowdStrike CyberArk Cyvera Damballa Active Defense Platform Priviledged Account Security APT APT CrowdStrike s cloud based next generation threat protection platform leverages execution profiling and real time forensics instead of focusing on malware signatures, indicators of compromise, exploits, and vulnerabilities CyberArk focuses on eliminating the most advanced cyber threats that use insider privileges to attack the enterprise Cyvera is an innovative provider of cyber defense solutions that protect organizations from sophisticated targeted cyber attacks and mass attacks Damballa delivers breach resistance to organizations that need to costeffectively and efficiently eliminate the risk of business loss from Advanced Threats Dell's connected security strategy takes a comprehensive lifecycle approach in Dell Security four critical areas: Data, Identity and Access, Network, and Security Services. DigiCert SSL Certificates DigiCert is a X.509 SSL certificate provider DocuSign esignature DocuSign is a provider of cloud based electronic signature technology Duo Security Two Factor Authentication Duo Security's hosted two factor authentication service EiQ Networks Security Intelligence EiQ Networks is a pioneer in simplified security, risk, and compliance solutions Entrust Identity Security Entrust provides Identity based security software and services in the areas of public key infrastructure (PKI), multifactor authentication, Secure Socket Layer certificates, fraud detection, digital certificates, and mobile authentication Firemon ForeScout Good Technology Guardian Analytics Hightail Source: BMO Capital Markets Security Management NAC Mobile Security Bank Fraud Secure File Transfer FireMon s real time security management solution monitors, controls and analyzes existing network security infrastructure to improvesecurity posture ForeScout is as leading provider of network access control (NAC) and policy compliance solutions Good Technology provides secure enterprise data and applications for mobile workforce uses, protecting both the integrity of corporations and the privacy of employees Guardian Analytics is a in banking fraud prevention solutions that detect fraudulent activity and transactions in the online, ACH, wire, and mobile banking channels Hightail provides secure sharing of files and folders with anyone from any device Page 116 December 18, 2013

116 Exhibit 26. Select Private Security Companies Name Segment Description Virtualization HyTrust provides virtualization security and compliance solutions available for Hytrust Security VMware vsphere datacenters Imprivata SSO Imprivata helps organizations secure their networks and ensure emr adoption by offering single sign on solutions for health information access Invincea Endpoint Security Invincea is a premier innovator in advanced malware threat detection, breach prevention and forensic threat intelligence. Kaspersky Antivirus Kaspersky Lab provides antivirus and internet security software LogRythym SIEM LogRhythm provides log and event management, log analysis, SIEM, and automated remediation for enterprise class organizations Lookout Mobile Mobile Security Lookout Mobile provides security to protect mobile phones from viruses, malware and spyware, the ability to backup and restore data, and tools to help locate lost or stolen phones. Lumension Endpoint Security Lumension Security is a global leader in endpoint management and security Mandiant Mobile Active Defense Security Incident Response Mobile Security Mandiant is the leader in Security Incident Response Management Mobile Active Defense provides mobiel security throguh its Mobile Enterprise Compliance and Security Server (MECS) product Mobile Safe provides a full suite of campus safety products Rave Alert, Rave Mobile Safe Campus Saftey Guardian, Rave EyeWitness and Rave CampusMessenger from AT&T MobileIron Mobile Security MobileIron is a leader in enterprise mobility management (EMM). Mocana Net authority Okta Mobile Security Authentication Identity and Access Management Mocana extends the mobile enterprise and simplifies wide scale deployments by securing apps automatically with the company's Mobile Application Protection (MAP ) app shielding solution that s distributed globally by SAP NetAuthority is a division of Uniloc USA, focused on the mission of reducing cyber security risks and fraud by bringing device centric authentication and security to the internet connected world Okta is an enterprise grade identity management service in the cloud allowing IT to manage access across any application, person or device Panda Security PerspecSys Source: BMO Capital Markets Endpoint Security Data protection Panda Security s portfolio of solutions include SaaS based protection of endpoints, and web traffic, cloud based systems management, as well as an integrated on premises endpoint protection platform. PerspecSys gives organizations the ability to understand how employees are using cloud applications and then take the steps necessary to protect sensitive information before it leaves their network while uniquely not impeding the cloud functionality. Page 117 December 18, 2013

117 Exhibit 27. Select Private Security Companies Name Segment Description Porticor Cloud Security Porticor is the leading Cloud Encryption & Cloud Security solutions provider for enterprise and SME Ping Identity Identity and Access Management Ping Identity delivers single sign on and identity management, increasing IT security and providing secure mobile access to the cloud QuoVadis Trust Services QuoVadis provides managed public key infrastructure services (PKI), including both dedicated certification authorities (CA) that may be fully customised to a client's needs as well as shared services CAs that have been audited to international standards. Rapid7 Red Lambda RedSeal ReD SAINT Corporation SafeNet SailPoint Security First Security Innovation, Inc. Security Metrics Skybox Security Skyhigh Networks Source: BMO Capital Markets Vulnerability Management Big Data Security Enterprise Security Management Payment Fraud Vulnerability Management Data protection Identity and Access Management Data protection Application Security Data protection Risk Analytics Cloud Security Rapid7 provides vulnerability management, compliance and penetration testing solutions for web applications, network, and database security Red Lambda enables businesses and government agencies to effectively secure their data through advanced, Big Data analytics technologies RedSeal Networks is the leading provider in network infrastructure security management that continuously provides network visualization and identify critical attack risk and non compliance in complex security infrastructure ReD provides payment fraud solutions in every part of the payments value chain, protecting merchants, issuers, acquirers, PSPs, processors and switches SAINT provides vulnerability management, penetration testing, and compliance. SafeNet is a leader the encryption industry in Enterprise Data Protection and Software Rights Management solutions for both commercial enterprises and government SailPoint offers identity governance, provisioning and SSO for security, compliance and reduced costs Security First provides SecureParser based solutions that provide a homogeneous way to protect and control access to all data, whether at rest or in motion across heterogeneous systems Security Innovation is focused in application security and offers solutions based on the three pillars of the Software Development Lifecycle (SDLC): standards, education, and assessment SecurityMetrics is a leading provider and innovator in merchant data security and compliance for businesses worldwide Skybox solutions provide a context aware view of the network and risks that drives effective vulnerability and threat management, firewall management, and continuous compliance monitoring Skyhigh enables companies to embrace cloud services with appropriate levels of security, compliance, and governance Page 118 December 18, 2013

118 Exhibit 28. Select Private Security Companies Name Segment Description Sophos Network and Endpoint Security Sophos is a developer and vendor of security software and hardware, providing endpoint, encryption, , web, mobile and network security as well as Unified Threat Management products. Symplified Identity and Access Management Symplified offers on demand identity management and single sign on solutions for SaaS and cloud applications. Tenable Vulnerability Management The Tenable platform provides a vulnerability and threat detection technology Threat Metrix Security and Fraud prevention ThreatMetrix combines comprehensive data collection, big data analytics and the ThreatMetrix Global Trust Intelligence Network to provide security and fraud prevention ThreatTrack Security (VIPRE) Titus Trace Security Tripwire Varonis Vaultive Venafi Veracode Verdasys ThreatTrack Security offers VIPRE Antivirus Business, antivirus and Mobile Device Management software that enables companies to centrally protect Antivirus and manage PCs, Macs, iphones, ipads and Android devices TITUS enables organizations to classify, protect, and confidently share their Data Classification information TraceSecurity provides IT governance, risk and compliance (GRC) GRC management solutions Security and Complaince Tripwire provides risk based security and compliance solutions Varonis provides comprehensive, actionable data governance solutions for Data governance unstructured and semi structured data Vaultive is the cloud data encryption standard, providing cloud data Encryption protection and enabling security and compliance Venafi is a market leading cybersecurity company in Next Generation Trust Protection (NGTP) delivering a trust protection platform to secure Trust Services cryptographic keys and digital certificates Application Veracode provides application security through static analysis & dynamic Security analysis delivered through an on demand SaaS platform Verdasys provides Enterprise Information Protection solutions and managed services to secure sensitive data and assure the integrity of business processes, enabling midsize and global businesses to successfully compete in Data protection collaborative and mobile environments Voltage Security Vormetric WatchDox Source: BMO Capital Markets Data protection Data protection Secure File Transfer Voltage Security delivers data centric security software solutions to protect data across enterprise, cloud, mobile devices, and big data environments Vormetric is an industry leader in data security solutions that span physical, virtual, and cloud environments WatchDox secure file sharing makes business mobile and collaborative, while reducing the risk, complexity and cost of sharing with data centric protection Page 119 December 18, 2013

119 Exhibit 29. Select Private Security Companies Name Segment Description Webroot Endpoint Security Webroot provides SecureAnywhere solutions for consumers and businesses, and security intelligence solutions to enterprises and technology partners focused on cyber security worldwide Watchguard Network Security WatchGuard is a provider of network security products and network security computer appliances Websense Dataprotection Websense provides unified web security, security, mobile security, and data security. WhiteHat Web Application Security WhiteHat Security delivers end to end website security solutions for companies of any size Workshare Content Security Workshare securely enables storing, sharing, and control of documents. zscaler Cloud Security Zscaler Security Cloud safely enable users doing business beyond the corporate network for web security, security, mobile security, and direct to net Source: BMO Capital Markets Page 120 December 18, 2013

120 Glossary Exhibit 30. Glossary Term Advanced Persistent Threat Anti-Malware Anti-Phishing Anti-Spam Anti-Virus Appliance Blacklisting Botnets CIO CSO Cloud Computing Configuration Management Data Loss Prevention (DLP) Distributed-Denial-of-Service Protection Domain Name System (DNS) Security Encryption Endpoint Security Firewall Source: BMO Capital Markets Definition Refers to a group, such as a foreign nation state government, with both the capability and the intent to persistently and effectively target a specific entity. A software program designed to identify and remove a known or potential piece of malicious software that interferes with normal computer functions A software program designed to identify and block phishing attacks A software program designed to identify and block spam A software program designed to identify and remove a known or potential virus A separate and discrete hardware device with integrated software, specifically designed to provide a specific computing resource A network administration practice used to prevent the execution of undesirable programs by maintaining a list of programs that are to be denied system access and prevened them from installing or running. A collection of software agents, or bots, that run autonomously and automatically typically used to disrupt the operation of company networks by criminal entities Chief Information Officer (CIO) is a job title commonly given to the most senior executive in an enterprise responsible for the information technology and computer systems that support enterprise goals. Chief Security Officer (CSO) is also used at some companies to describe the leader of the "corporate security" function, which includes the physical security and safety of employees, facilities and assets. A method of computing, via the Internet, that broadly shares computer resources instead of having a local personal computer handle specific applications A field of management that focuses on establishing and maintaining consistency of a system's or product's performance and its functional and physical attributes with its requirements, design, and operational information throughout its life A system designed to detect and prevent the unauthorized use and transmission of confidential information An attempt to make a computer resource, typically services hosted on high-profile web servers, unavailable to its intended users A hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. Technologies used to protect incoming and outgoing from unauthorized access and misuse The process of encoding a message so that it can be read only by the sender and the intended recipient A strategy in which security software is distributed to end-user devices but centrally managed like firewalls, AV, IDS/IPS, etc A technological barrier designed to prevent unauthorized or unwanted communications between sections of a computer network Page 121 December 18, 2013

121 Exhibit 31. Glossary Term HIPPA Host-Based Hybrid Identity and Access Management (IAM) Intrusion Detection/Intrusion Prevention (IDS/IPS) Log File Managed Security Service Providers Managed Security Services (MSS) Mobile Data Protection (MDP) Mobile Device Management (MDM) Network Security Network Access Control (NAC) Next Generation Firewall On-Premise Patch Management Phishing Personal Information Manager (PIM) Secure Web Gateway Security as a Service Security Information and Event Management (SIEM) Source: BMO Capital Markets Definition The Health Insurance Portability and Accountability Act of 1996, requires the protection and confidential handling of protected health information A technique of securing a network through effective management of security vulnerabilities on individual devices connected to the network, with limited or no use of perimeter network defenses An infrastructure setup containing a combination of physical, virtual, and cloud servers that can be managed locally or remotely A process that encapsulates people, processes and products to identify and manage the data used in an information system to authenticate users and grant or deny access rights to data and system resources A security technology that monitors network and/or system activities for malicious or unwanted behavior and can react, in real-time, to block or prevent those activities A file to which a computer system writes a record of its activities A company that delivers outsourced network security Network security services that have been outsourced to a service provider Mobile data protection products secure data on movable devices that can leave the office, including notebooks, PDAs and smart phones Secures, monitors, manages and supports mobile devices deployed across mobile operators, service providers and enterprises. Protection of networks and their services from unauthorized modification, destruction, or disclosure, and provision of assurance that the network performs its critical functions correctly and there are no harmful side-effects An approach to computer network security that attempts to unify endpoint security technology (such as antivirus, host intrusion prevention, and vulnerability assessment), user or system authentication and network security enforcement A wire-speed integrated network platform that performs deep inspection of traffic and blocking of attacks. Software that is installed and run on local computers Software designed to manage and fix functionality issues, security vulnerabilities, or software updates of a computer program or its supporting data To request confidential information over the Internet under false pretenses in order to fraudulently obtain credit card numbers, passwords, or other personal data A type of application software that functions as a personal organizer Segment of IT security that involves web filtering, malware filtering, web application level controls and centralized management The practice of delivering traditional security applications as an Internet-based service, on-demand, to consumers and businesses Industry-specific term in computer security referring to the collection of data (typically log files; e.g. event logs) into a central repository for trend analysis Page 122 December 18, 2013

122 Exhibit 32. Glossary Term Security Intelligence Services Signature-based Detection Single sign-on (SSO) Spam Spyware SSL Virtual Appliances Virtual Private Network (VPN) Virtual Zones Virtualization Security APIs VM Lifecycle Products Vulnerability Assessment and Compliance Web Application Firewall (WAF) Whitelisting Zero-hour Threats Source: BMO Capital Markets Definition Technical support services in the fields of IT security that are provided by intrusion experts, security engineers, with virus and threat analysts A method of identifying viruses and other malware by comparing the contents of a file to a list of known virus signatures A property of access control of multiple related, but independent software systems A disruptive, especially commercial message posted on a computer network or sent as A type of malware that is installed on computers and collects little bits information at a time about users without their knowledge A commonly-used protocol for managing the security of a message transmission on the Internet A software image as well as a description of the hardware that mimics the functionality and behavior of a hardware appliance but runs within a virtual machine The use of encryption to provide a secure connection through an otherwise insecure network, typically the Internet An isolated virtual server with a single operating system instance within a virtualized environment An interface implemented by a security software program to enable interaction with other software programs that is run on virtualized environments Software that manages the process of a product from its conception, through design and manufacture, to service and disposal and runs on a virtualized environment Software segment of IT security that involves testing a database for vulnerabilities and checking its controls for compliance in accordance with a company's risk assessment process An appliance, server plugin, or filter that applies a set of rules to an HTTP conversation that cover common attacks such as Cross-site Scripting (XSS) and SQL Injection to identify and block attacks. A list or register of those that are being provided a particular privilege, service, mobility, access or recognition. A computer threat that tries to exploit computer application vulnerabilities that are unknown to others, undisclosed to the software developer, or for which no security fix is available Page 123 December 18, 2013

123 Page 124 December 18, 2013

124 Barracuda Networks (CUDA-NYSE) Stock Rating: Outperform Industry Rating: Outperform December 18, 2013 Joel P. Fishbein, Jr BMO Capital Markets Corp. Brett Fodero BMO Capital Markets Corp. Initiating Coverage With an Outperform Rating and $30 Price Target Investment Thesis It is clear to us that users are consuming technology in a new way. Barracuda solutions solve complex IT challenges with plug-and-play, easy-to-install solutions with a single-source vendor. Barracuda has pioneered with best-ofbreed solutions in three distinct markets, including 1) content security; 2) networking and application delivery; and 3) data storage, protection, and disaster recovery. They are delivered as a service, providing organizations of all sizes with true end-to-end protection that can be deployed in hardware, virtual, cloud, and mixed form factors. Forecasts & Valuation Barracuda attacks a large addressable market opportunity with a cost-efficient model. In our opinion, one of the most important drivers to the Barracuda investment story is the ability to penetrate deeper the installed base with additional technologies. Based on an analysis of 180,000 customers, the average customer buys about 2.9 times the original purchase over six years. We believe the company s expanding product set, refined go-to-market model, and cross-/up-sell into its expanding customer base can drive billings acceleration (15.3% CAGR FY2014-FY2016) and FCF margin expansion (427 bp FY2014- FY2016). Recommendation We see the potential for accelerated billings and are initiating with an Outperform rating and $30 price target, based on 5.7x our 2015 EV/sales estimate. Price (17-Dec) $ Week High $25.90 Target Price $ Week Low $18.63 Barracuda (CUDA) Price: High,Low,Close(US$) Relative to S&P Volume (mln) Last Data Point: December 16, 2013 (FY-Feb.) 2012A 2013A 2014E 2015E EPS na $0.04 $0.03 $0.15 P/E nm nm CFPS na $0.50 $0.90 $1.16 P/CFPS 28.7x 22.3x Rev. ($mm) $161 $199 $230 $256 EV ($mm) $1,344 $1,344 $1,344 $1,344 EBITDA ($mm) $9 $14 $6 $4 EV/EBITDA 152.5x 92.8x 222.9x 333.0x Quarterly EPS Q1 Q2 Q3 Q4 2012A na na na na 2013A $0.02 $0.02 $0.00 $ E -$0.01a $0.00a $0.01 $0.04 Dividend $0.00 Yield 0.0% Book Value -$0.39 Price/Book -65.7x Shares O/S (mm) 53.2 Mkt. Cap (mm) $1,373 Float O/S (mm) 5.4 Float Cap (mm) $138 Wkly Vol (000s) 2,040 Wkly $ Vol (mm) $44,084 Net Debt ($mm) -$107 Next Rep. Date na Notes: All values in US$. First Call Mean Estimates: BARRACUDA NETWORKS INC (US$) 2014E: $0.04; 2015E: $ Page 125 December 18, 2013

125 BMO Capital Markets Barracuda Networks Investment Drivers Potential for accelerated billings. Barracuda maintains a strong revenue base with recurring revenue subscription-based model. Barracuda s recurring subscription services provide its customers with up-to-date features, functionality, and real-time security protection, as well as eliminate the need for future forklift system upgrades or additional software purchases. The content security market is the largest and slowest growing aspect of Barracuda s business. The faster-growing segments are quickly becoming a larger piece of the overall pie. We estimate that that Archival Disk & Backup Appliance, Next Generation Firewall, and Web Application firewall segments are growing north of 25% and are becoming more meaningful to the company's overall growth rate. Strong and consistent growth with large solution base. While Barracuda s overall growth CAGR of 15.3% from FY2014-FY2016 is clearly ahead of industry growth rates, some investors question why Barracuda is growing faster like some of the other emerging security vendors in the space. Leveraging the Barracuda brand. While most investors view the Small and Medium Business (SMB) market as a less attractive investment because of higher competition and customer churn, Barracuda can overcome some of the challenges with increased disclosure around customer retention and stickiness of its customer base. Barracuda is undergoing a change in go-to-market to leverage the sweet spot middle market. It is also leveraging upstream and bigger potential customers as they look to simplify their IT infrastructure technology, consolidate vendors, and reduce costs without losing features and functionality. Cross-sell/up-sell. In our opinion, one of the most important drivers to the Barracuda investment story is the ability to penetrate deeper the installed base with additional technologies. With more than 180,000 corporate subscribers and more than 5,000 channel partners today and a portfolio of best-inclass mid-market infrastructure solutions, Barracuda should be able to increase its penetration with high-margin multiple subscriptions per customer. Reality, in our opinion, is that the company is in super early innings in cross-selling into the install base. The vast majority of its sales have been to new customers, but we are starting to see more cross-selling, which could lead to revenue acceleration. Increase market awareness. While the Barracuda brand is recognized by the market, we believe the company has underspent to its detriment on industry and third-party studies of its technology. While our conversations with customers believe that Barracuda s products and services are world class, the company lacks the industry backing necessary to pull up market. Under its new executive leadership, Barracuda appears to be starting to make the investments necessary to increase industry awareness, which could open the opportunity up market. Awareness is being driven through targeted marketing effort to drive industry coverage and respect. Expanding "customer lifetime value" in diverse installed base. Based on an analysis of 180,000 customers, the average customer buys about 2.9 times the original purchase over six years. With more than 12 distinct product categories, we believe that through better sales and marketing leadership, and execution, we could see the 2.9 times repeat buying accelerate significantly. Page 126 December 18, 2013

126 BMO Capital Markets Barracuda Networks Market Backdrop As organizations take advantage of important technology trends to improve productivity, like proliferation of mobile devices, Barracuda s vision is to simplify security, storage, and application delivering for organizations to solve current IT challenges including the following: Evolving security threat environment. Organizations face security threats from a variety of attackers that can result in organizational disruption, the theft of sensitive information, and can cause financial and reputational damage. Dealing with the proliferation of cloud- and web-based applications. As web applications, such as Facebook, LinkedIn, Twitter, and YouTube proliferate, Barracuda solutions can simplify the security necessary to enable the use of these applications within a secure infrastructure. Unabated increase of data and storage consumption. The volume of digital information created and replicated worldwide is growing, and organizations are increasingly dependent on the availability. Barracuda s strategy is to extend its leadership position as a global provider of solutions that simplify complex IT by increasing sales to new customers by further engaging with IT professionals to expand its customer base and pursue cross-selling opportunities. This has been driven by customers looking to consolidate IT suppliers to reduce overall IT spending, extending its model into new markets to address the needs of IT professionals, and by optimizing its channel and partner network in international regions. Barracuda attacks a large addressable market opportunity with a cost-efficient model. We estimate that the TAM for Barracuda is between $10 billion and $20 billion in 2012, based on market data from established third-party market research firms. The company s solutions address web access management, secure gateways, secure web gateways, intrusion prevention systems equipment, and secure socket layer virtual private network (VPN), equipment, VPN/firewall equipment and application delivery controllers segments. Gartner estimates that spending on these security segments was roughly $14.4 billion worldwide in In addition, Barracuda addresses the storage market with products that handle the archival disk-based storage, archiving software, purpose-built backup appliances and data protection software and hardware segments. According to IDC, estimated spending on these storage segments was $15.9 billion worldwide in Company Overview Barracuda Networks offers industry-leading solutions designed to solve mainstream IT problems efficiently and cost effectively, while maintaining a level of customer support and satisfaction. Its products span three distinct markets, including 1) content security; 2) networking and application delivery; and 3) data storage, protection, and disaster recovery. The company has more than 12 purpose-built solutions that support every aspect of the network providing organizations of all sizes with true end-to-end protection that can be deployed in Page 127 December 18, 2013

127 BMO Capital Markets Barracuda Networks hardware, virtual, cloud, and mixed form factors. The company maintains 44 patents of which 18 are organic and 26 acquired. It has approximately 55 pending. Barracuda designs and delivers easy-to-use security and storage solutions. In addition, the company offers cloud-connected solutions that help organizations address security threats, improve network performance, and protect and store data. Its model enables continuous software updates, offsite redundancy and distributed capacity, and are offered on a subscription basis. The company's solutions are delivered as cloud-connected appliances and virtual appliances, as well as cloud-only solutions. Exhibit 1. Company Product Set and Opportunity Barracuda Networks Products 2014 Gartner Gartner '12 17 CAGR Security TAM Growth Rate Competitors Barracuda Web Security $ 2, % Cisco, Blue Coat, Websense, Zscaler, McAfee, Symantec, Trend Micro, Sophos, Phantom Tech, EdgeWave,Optenet Barracuda Spam & Virus FW $ 1, % Cisco, Symantec, Proofpoint, Microsoft, Google, McAfee, Trend Micro, Sophos, Websense Barracuda SSL VPN $ % Barracuda Web app FW NA Imperva, F5, Qualys Barracuda Firewall $ 7, % CheckPoint, Palo Alto, Stonesoft, Fortinet, Cisco, Barracuda NGFW NA Juniper, McAfee, Dell SonicWall, HP, Huawei, Sophos TOTAL $ 12, Application Delivery TAM Growth Rate Barracuda Load Balancer ADC $ 3, % F5, Citrix, Radware, Riverbed, Strangeloop, A10 Networks, Barracuda Link Balancer Brocade, Array, Cisco, Sangfor Storage TAM Growth Rate Barracuda Backup $ 5, % CommVault, Symantec, EMC, IBM, NetApp, Veeam, HP, CA, Dell, Asigra, Evault, Acronis, Syncsort, FalonStor Barracuda Message Archiver $ 2, % Symantec, Proofpoint, IBM, Global Relay, Sonian, Bloomberg, Smarsh, EMC, CommVault, HP Copy $ 3, % SignNow TOTAL $ 10, Source: BMO Capital Markets Research, Gartner, company documents. With more than 180,000 organizations in 100+ countries, Barracuda confidently protects its users' applications and data. These companies include CitiBank, Coca-Cola, Delta Dental, FedEx, Harvard University, IBM, L'Oreal, Liberty Tax Service, Mythbusters and Spokane Public Schools. Its customer base represents a broad range of industries including automotive, education, electronics, financial services, food service, government, industrial manufacturing, medicine, media, real estate, retail, software, and telecommunications. In fiscal 2013 and for the six months ended August 31, 2013, one distribution partner accounted for 13% and 17% of our total revenue, respectively. No customer or distribution partner accounted for greater than 10% of our total revenue in fiscal 2011 or Barracuda launched its first commercial product, the Barracuda Spam & Virus Firewall, in October The company launched its Web Filter in 2005, its Load Balancer in 2006, its Message Archiver in 2007, its first virtual appliances and Barracuda Security Service in 2010, and its copy service, Application Delivery Controller, and Barracuda Firewall solutions in In addition, the company acquired capabilities for web application security in 2007, secure virtual private network in 2008, backup, disaster recovery and deduplication in 2008, next-generation firewall and cloud-based web security in 2009, and esignature in Page 128 December 18, 2013

128 BMO Capital Markets Barracuda Networks Barracuda manufactures its appliances in the Silicon Valley that enables the company to have just-in-time manufacturing. The company generally uses commodity hardware in its appliances, which is readily available from multiple sources. The company often gets less than an hour notice for big orders and are often required to ship on the same day. Exhibit 2. Company Product Set Security and Storage Source: BMO Capital Markets Research, company documents. Barracuda Solutions The Barracuda architecture is based on one core platform that uses a proprietary operating system, built on the Linux open source kernel. The platform also is comprised of several common foundational components. All solutions can be managed through a centralized management solution. Page 129 December 18, 2013

129 BMO Capital Markets Barracuda Networks Exhibit 3. Company Platform Source: BMO Capital Markets Research, company documents. Security Solutions Span the Content and Network The Barracuda Spam & Virus Firewall includes spam and virus blocking, denial-of-service prevention, continuity, encryption, and policy management features. With the included Cloud Protection Layer, or CPL, Barracuda Spam & Virus Firewall customers can route their through the Barracuda cloud performing advanced malware detection and pre-filtering to keep threats off their premises, reduce incoming connections to their network, and spool mail in the event their sites become unavailable. The cloud-based Barracuda Security Service provides the same functionality as the Barracuda Spam & Virus Firewall and is designed for customers who host their own , but wish to fully offload their security to a cloud service. The Barracuda Web Filter integrates several technologies for setting and enforcing granular web filtering policies and blocks user access to known malicious websites, scans web downloads for malware, enables granular enforcement based on existing user and group authentication, and provides comprehensive web usage visibility through intuitive dashboards. The cloud-based Barracuda Web Security Service is designed to deliver web security and policy enforcement in highly distributed network environments. Barracuda Next-Generation Firewall offers Layer 7 application visibility and adds user-identity awareness to safely enable access policies for specific users and user groups. It integrates network firewall, intrusion prevention, or IPS, VPN, and Layer 7 application control, with options for additional components such as web security. The Barracuda Firewall is delivered as Page 130 December 18, 2013

130 BMO Capital Markets Barracuda Networks a hybrid appliance and can be managed locally through a familiar web interface, or from the cloud. The Barracuda Web Application Firewall protects web servers from data breaches and downtime by intercepting sophisticated application-layer attacks, such as SQL injection, crosssite scripting, or XSS, session hijacking, and application-layer distributed denial of service, or DDoS. The Barracuda Load Balancer ADC optimizes application performance, availability, and security and is an integrated platform that distributes network traffic across multiple servers using advanced Layer 4 and Layer 7 load balancing techniques including global server load balancing, or GSLB, content caching, data compression and connection pooling to offload computing functions from backend servers and improve application response time. The Barracuda SSL VPN provides remote users with secure access to internal network resources from any web browser, while providing the security needed to protect internal systems from unauthorized access, viruses, and other malware. Storage Solutions Provide a Data Protection Portfolio for Archive, Backup, and Cloud Storage Barracuda Backup is an end-to-end solution that simplifies the backup process and enables secure offsite replication to other Barracuda Backup appliances and to the Barracuda storage cloud. Barracuda Backup uses advanced deduplication technology to reduce the amount of backup data stored. The company's LiveBoot technology enables virtual appliances to be run directly from the backup for disaster recovery purposes, from either the local appliance or the cloud, without the overhead associated with restoring backup images to their original format. The Barracuda Message Archiver substantially reduces archive sizes by eliminating duplicate messages, storing only one instance of each message attachment, and then compressing the stored data and significantly reducing mail database sizes by decreasing retention policies on its active mail servers and by stubbing attachments, removing them from the mail server and creating references to the archived copies. Copy is a cloud-based file storage platform that allows customers to securely access, share, and sync files of any size from any device and works across Windows, Mac OS X, and Linux operating systems. SignNow platform is a mobile esignature application that enables users to electronically sign documents from internet connected devices, reducing the need to print, fax, or ship documents. Barracuda Central is a centralized and automated security intelligence center that enables continuous threat detection and monitoring. Data collected and aggregated at Barracuda Central is analyzed and used to create definitions for continuous automatic updates. Page 131 December 18, 2013

131 BMO Capital Markets Barracuda Networks Revenue Recognition Barracuda invoices at the time of sale for the total price of the solutions and typically collects cash in 30 to 60 days. The company refers to the total amount of invoices it issues in a period as gross billings. All of the gross billings are recognized as revenue rateably once all revenue recognition criteria have been met. Gross billings are initially recorded as deferred revenue, less reserves. The appliance component of gross billings is recognized rateably as revenue over the estimated customer relationship period, which is typically three years, commencing upon the activation of the unit by the end customer. The subscription component of gross billings is recognized rateably as revenue over the contractual period of the subscription. Because the company bills in advance for the entire term, substantially all of new and renewal gross billings increase deferred revenue balance, which contributes significantly to the company's cash flow. The average subscription prices are about 30% off appliance list price the subscriptions are discountable by the channel. About 80%-85% are one-year subscriptions; the rest is multi-year three and five year. We conservatively estimate that renewal rates are around 90%+ subtracting upgrades with the more conservative definition. The Mid-Market Opportunity According to Compass Intelligence, there were 1.01 million companies worldwide with 100 to 4,999 employees in 2012, and an additional 1.43 million companies worldwide with 50 to 99 employees in Most mid-market organizations have one buyer that does. Historically it has been very difficult for IT vendors to reach the mid-market because it is expensive and not cost efficient to go direct. While many small companies buy solutions through the web (about 50% of customers come from direct response, i.e., Google, Yahoo!, radio), Barracuda has built a high-velocity sales team to inside sales center of about 145 people located in its Campbell facility. Page 132 December 18, 2013

132 BMO Capital Markets Barracuda Networks Exhibit 4. Vendor Position Within Addressable Market Enterprise (>1,000 Employees) 7,415 US firms Medium Business (500-1,000 Employees) 9,098 US firms Small Business ( Employees) 90,386 US firms Home Office/Consumer Source: BMO Capital Markets, US Census Bureau Page 133 December 18, 2013

133 BMO Capital Markets Barracuda Networks Why Barracuda Wins Exhibit 5. Why Barracuda Wins Source: BMO Capital Markets Research, company documents. Barracuda s solutions are plug and play. Traditional IT solutions often are difficult to install, require significant configuration, and necessitate specialized services and technical support to get the systems up and running. Barracuda solutions are purpose-built to be easy to use and to deploy without the need for special expertise or external support from IT specialists. Low touch and fast touch sales cycle. The complexity of traditional IT solutions and the requirement for customers to tailor traditional IT solutions to their needs lead to longer sales cycles, prolonging the period of time before customers can solve their problems. Through marketing and customer satisfaction, Barracuda has been a trusted brand for mid-market IT solution. Customers typically receive solutions and can deploy and begin to realize value within 24 hours solutions, while sales specialists work closely with customers to make the sale seamless. Quick fulfillment and automatic updates. Solutions from traditional IT vendors often have long delivery and installation times. In addition, traditional vendor products often need lengthy and expensive system upgrades or to purchase new software licenses to meet their evolving IT requirements. Barracuda developed a customized, streamlined process that enables efficient manufacturing and physical and digital distribution of its solutions. The company manufactures and fulfills its solutions primarily from Silicon Valley. In addition, updates subscriptions receive all of the new software capabilities, and customers who purchase Instant Replacement subscriptions also receive new appliances every four years. Page 134 December 18, 2013

134 BMO Capital Markets Barracuda Networks Hybrid, cloud-connected solution design. Barracuda s hybrid solutions consist of cloudconnected appliances and virtual appliances and cloud-only solutions that deliver security and storage capabilities out-of-the-box. World-class customer support. Traditional IT solution vendors often rely on self-service telephone support and outsourced customer support, which can lead to an inadequate and frustrating customer support experience and lengthy time to resolution. Barracuda provides insourced customer support, including a direct line to Barracuda support technicians available 24x7x365, remote support, preventative diagnostics. The company has approximately 240 support personnel and the average customer gets a call-back in 10 minutes. Balance Sheet and Capital Allocation Following its successful IPO, we estimate that the net proceeds from the sale of 4,140,000 shares of common stock at $18.00 per share, after deducting underwriting discounts and commissions will be approximately $66.1 million, or $76.5 million if the underwriters exercise their over-allotment option in full. Total cash and cash equivalents are approximately $96.2 million. Current Outlook Barracuda attacks a large addressable market opportunity with a cost efficient model. In our opinion, one of the most important drivers to the Barracuda investment story is the company's ability to deeper penetrate the installed base with addition technologies. Based on an analysis of 180,000 customers, the average customer buys about 2.9 times the original purchase over six years. We believe the company s expanding product set, refined go-to-market model, and cross/upsell into its expanding customer base can drive billings acceleration and margin expansion. We believe that estimates are conservative. Exhibit 6. BMO vs. Consensus 3QFY14E FY14E FY15E ($M, exc. EPS) BMO Street BMO Street BMO Street Appliance $17.6 $70.8 $78.7 Subscription $40.1 $159.1 $177.5 Total Revenue $57.7 $ 57.7 $229.9 $ $256.2 $ Revenue Growth 12.2% 12.2% 15.6% 15.5% 11.5% 11.3% EBITDA $ 0.81 $ 6.01 $ 4.04 EBITDA margin 1.4% 2.6% 1.6% EPS (non GAAP) $ (0.00) $ (0.01) $ 0.04 $ 0.04 $ 0.03 $ CFO $8.7 $32.5 $56.5 Source: BMO Capital Markets Research, Thomson Reuters. Page 135 December 18, 2013

135 BMO Capital Markets Barracuda Networks Exhibit 7.DCF analysis Valuation Our 10-year DCF analysis makes the following key assumptions, resulting in a long-term price of $30, implying a 15% premium to current levels: Revenue CAGR of 14%. EBIT margin slowly increasing to 17%. 10.0% WACC. 16x terminal cash flow multiple. Tax rate of 35%. ($in millions, except per share) FY2014E FY2015E FY2016E FY2017E FY2018E FY2019E FY2020E FY2021E FY2021E FY2021E TV CAGR Revenues $230 $256 $298 $344 $394 $449 $509 $574 $646 $723 $795 14% Growth 15.6% 11.5% 16.4% 15.4% 14.4% 13.9% 13.4% 12.9% 12.4% 11.9% 10.0% EBIT $3 $0 $7 $22 $41 $56 $69 $83 $100 $119 $139 EBIT Margin 1% 0% 2% 6% 10% 12% 13% 14% 15% 16% 17% Taxed EBIT $2 $0 $5 $15 $27 $36 $45 $54 $65 $77 $90 53% Depreciation $6 $4 $4 $5 $6 $7 $8 $10 $11 $12 $14 CapEx ($8) ($8) ($10) ($11) ($13) ($14) ($16) ($18) ($20) ($22) ($24) Change in Working Capital $31 $53 $58 $63 $69 $74 $79 $83 $87 $90 $91 Free Cash Flow $31 $49 $57 $72 $89 $103 $115 $129 $143 $158 $171 20% Growth 56% 18% 26% 23% 16% 12% 12% 11% 10% 8% Discounted FCF $28 $40 $43 $49 $55 $58 $59 $60 $61 $61 Cumulative cash flow $515 35% Tax Rate 35% WACC Cash Flow Multiple Terminal Value $957 65% WACC 10.0% $ x 14.0x 15.0x 16.0x 17.0x 18.0x Total DCF value $1,472 Cash Flow 16x 8% $30.7 $32.1 $33.5 $34.9 $36.2 $37.6 Debt $0 Multiple 9% $28.4 $29.7 $30.9 $32.1 $33.4 $34.6 Cash $107 10% $26.3 $27.4 $28.6 $29.7 $30.8 $31.9 Market Value of Equity $1,578 11% $24.4 $25.4 $26.4 $27.5 $28.5 $29.5 Shares Outstanding 53 12% $22.7 $23.6 $24.5 $25.5 $26.4 $27.3 Share Price $ % $21.1 $22.0 $22.8 $23.6 $24.5 $25.3 Current Price $25.83 upside/(downside) 15% Source: BMO Capital Markets Research, company documents. Our $30 price target is based on 5.7x our 2015 EV/sales estimate. Page 136 December 18, 2013

136 BMO Capital Markets Barracuda Networks Exhibit 8. Peer Analysis (in Millions, Except Per Share Data) Recent Cash/ EV/Sales Revenue Growth Ticker Rating Price EV Share FY1E FY2E FY0-FY1E FY1E-FY2E Barracuda Networks Inc CUDA Outperform $25.83 $1,267 $ x 4.9x 15.6% 11.5% vs Security -17% -16% Security Check Point Software Technologies Ltd CHKP MarketPerform $61.84 $8,794 $ x 6.0x 3.6% 5.6% FireEye Inc FEYE NC $38.87 $4,369 $ x 17.6x 89.3% 57.7% Fortinet Inc FTNT NC $17.88 $2,503 $ x 3.7x 13.2% 13.5% Imperva Inc IMPV Outperform $45.75 $1,012 $ x 5.9x 31.0% 26.4% Palo Alto Networks Inc PANW NC $55.84 $3,566 $ x 4.9x 41.4% 31.3% Proofpoint Inc PFPT NC $29.29 $969 $ x 5.9x 24.8% 24.5% Qualys Inc QLYS MarketPerform $23.31 $744 $ x 5.8x 18.0% 18.4% Average 6.6x 5.9x 31.6% 25.3% Average (excluding FEYE) 10.3x 7.7x 34.7% 27.3% (Fishbein - CUDA, CHKP, QLYS, IMPV) (NC = Not covered. Thomson data for not covered companies) *Estimates reflect latest complete and forward fiscal years Source: BMO Capital Markets Research, Thomson Reuters. Stock prices as of the close on December 17, Risks Competition. The security and storage spaces are highly competitive. Introduction of competing solutions by competitors could hurt Barracuda s business. Competition includes: Blue Coat Systems, Check Point Software Technologies, CommVault Systems, EMC, F5 Networks, Fortinet, Imperva, Juniper Networks, Palo Alto Networks, Symantec, as well as other IT suppliers such as Cisco, Dell, Hewlett-Packard, the McAfee division of Intel, and International Business Machines, that have acquired large security specialist vendors. Potential company growing pains. Including inability to accurately predict market demand or customer demands. In addition, quarterly and annual operating results and key metrics have varied in the past and may continue to vary and be unpredictable. Delays in releasing new solutions or enhancements to the market. These include defects, errors or failures in their design or performance, and reluctance of customers to purchase solutions incorporating open source software. Macro economic risk. Poor business conditions for its customers, causing the company to delay IT purchases, and weak global economic conditions or a reduction in security and storage solution spending could adversely impact Barracuda's business. Acquisitions. As part of its business strategy, Barracuda made, and may and will likely in the future make acquisitions or investments in complementary companies and solutions, causing the potential for dilution or integration risks. Page 137 December 18, 2013

137 BMO Capital Markets Barracuda Networks Financial Models Exhibit 9. Income Statement Barracuda Income Statement FY2013 FY2014E FY2014E FY2015E FY2015E FY2016E ($ in millions except per share) FY2013 Q1-May-13 Q2-Aug-13 Q3-Nov-13E Q4-Feb-14E FY2014E Q1-May-14E Q2-Aug-14E Q3-Nov-14E Q4-Feb-15E FY2015E FY2016E Appliance $ $ $ $ $ $ $ $ $ $ $ $ Subscription $ $ $ $ $ $ $ $ $ $ $ $ Total Revenue (non-gaap) $ $ $ $ $ $ $ $ $ $ $ $ Year-Over-Year Growth 23.6% 22.3% 17.9% 12.2% 10.7% 15.6% 8.4% 9.0% 12.3% 16.0% 11.5% 16.4% Cost of revenue $ $ $ $ $ $ $ $ $ $ $ $ Non-GAAP Gross Profit $ $ $ $ $ $ $ $ $ $ $ $ Non-GAAP Operating Expenses R&D $ $ $ $ $ Sales & Marketing $ $ $ $ $ General & Administrative $ $ $ $ $ Depreciation $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ Total Non-GAAP Operating Expenses $ $ $ $ $ $ $ $ $ $ $ $ Non-GAAP Operating income $ $ (-) Depreciation $ $ $ $ (0.058) $ $ $ (1.098) $ (0.315) $ $ $ $ $ $ $ $ $ $ $ $ $ $ Non-GAAP EBITDA $ $ $ $ $ $ $ (0.183) $ $ $ $ $ Other income $ (0.324) $ (0.095) $ (0.007) $ - $ - (0.102) $ $ $ $ $ $ $ Non-GAAP Earnings Bef.Taxes $ $ $ $ (0.058) $ $ $ (1.088) $ (0.305) $ $ $ $ Provision for Income Taxes $ $ $ $ (0.054) $ $ $ (0.424) $ (0.259) $ $ $ $ Non-GAAP Tax Rate 22.5% 19.7% 27.4% 93.0% 130.0% 32.6% 39.0% 85.0% 93.0% 45.0% 76.0% 25.0% Non-GAAP Net Income (1) $ $ $ $ (0.111) $ $ $ (0.664) $ (0.046) $ $ $ $ Non-GAAP EPS $ 0.02 $ 0.02 $ (0.00) $ 0.01 $ 0.04 $ (0.01) $ (0.00) $ 0.01 $ 0.04 $ 0.03 $ 0.15 Avg. Diluted Shares Outstanding (1) Non-GAAP excludes: amortization, restructuring, impairments, settlements, and stock-based comp. Adjusted EBITDA (company definition) EBITDA $ $ $ $ $ Plus: change in deferred revs $ $ $ $ $ Less: change in deferred COGS $ (10.214) $ (3.086) $ (3.502) $ (1.256) $ (2.071) (9.915) Non-Controlling Income/(Expense) $ (0.794) $ (0.159) $ (0.203) $ (0.203) $ (0.203) (0.768) $ $ (0.183) $ $ $ $ $ $ $ $ (5.515) $ (1.800) $ (1.620) (2.340) $ $ (0.203) $ (0.203) $ (0.203) (0.203) $ $ $ $ $ $ $ $ (11.275) $ (10.215) $ $ (0.812) $ (0.812) Adjusted EBITDA $ $ $ $ $ $ $ $ $ $ $ $ Adjusted EBITDA margin (off revs) 25% 21% 20% 20% 24% 21% 18% 23% 23% 25% 22% 26% Expense Analysis (non-gaap): Gross Margin 80.1% 79.5% 79.8% 79.5% 79.5% 79.6% 79.5% 79.5% 79.5% 79.5% 79.5% 80.5% Sales & Marketing 49.3% 49.7% 47.6% 47.0% 46.5% 47.7% 49.2% 48.0% 47.5% 46.5% 47.8% 47.1% R&D 15.7% 17.7% 18.2% 20.6% 20.5% 19.2% 19.8% 19.7% 19.4% 19.0% 19.5% 19.2% General & Administrative 7.9% 8.9% 10.0% 10.5% 10.6% 10.0% 10.8% 10.8% 10.7% 10.5% 10.7% 10.2% Depreciation 1.4% 1.4% 1.5% 1.5% 1.5% 1.5% 1.5% 1.5% 1.5% 1.5% 1.5% 1.5% Margin Analysis (non-gaap): Gross Margin 80.1% 79.5% 79.8% 79.5% 79.5% 79.6% 79.5% 79.5% 79.5% 79.5% 79.5% 80.5% Operating Margin 5.9% 1.8% 2.5% -0.1% 0.4% 1.1% -1.8% -0.5% 0.4% 2.0% 0.1% 2.5% EBITDA Margin 7.3% 3.2% 4.0% 1.4% 1.9% 2.6% (.3%) 1.0% 1.9% 3.5% 1.6% 4.0% Tax Rate 22.5% 19.7% 27.4% 93.0% 130.0% 32.6% 39.0% 85.0% 93.0% 45.0% 76.0% 25.0% Net Margin 4.4% 1.3% 1.8% (.2%).9% 1.0% (1.1%) (.1%).8% 2.9%.7% 2.8% Sequential Growth Rates (non-gaap): Appliance 7.2% 2.3% (1.7%) 1.1% 5.6% 3.7% 1.5% 4.0% Subscription 7.3% 2.9%.5%.5% 4.7% 3.1% 3.4% 4.0% Total Revenue 7.3% 2.7% (.2%).7% 5.0% 3.3% 2.9% 4.0% Gross Profit 7.6% 3.1% (.5%).7% 5.0% 3.3% 2.9% 4.0% Year-Over-Year Growth (non-gaap): Appliance 37.6% 31.4% 23.9% 14.1% 9.0% 19.0% 7.4% 8.9% 12.5% 15.7% 11.1% 13.7% Subscription 18.5% 18.6% 15.4% 11.4% 11.5% 14.1% 8.8% 9.1% 12.2% 16.1% 11.6% 17.6% Total Revenue 23.6% 22.3% 17.9% 12.2% 10.7% 15.6% 8.4% 9.0% 12.3% 16.0% 11.5% 16.4% Gross Profit 21.6% 20.7% 17.1% 10.8% 11.1% 14.7% 8.5% 8.6% 12.3% 16.0% 11.4% 17.9% Operating expenses 18.5% 28.5% 21.3% 20.1% 19.1% 22.1% 13.4% 12.9% 11.6% 13.6% 12.9% 14.3% Source: BMO Capital Markets Research, company documents. Page 138 December 18, 2013

138 BMO Capital Markets Barracuda Networks Exhibit 10. Balance Sheet FY2013 FY2014E FY2015E FY2016E ($ in millions) Q4-Feb-13 Q1-May-13 Q2-Aug-13 Q3-Nov-13E Q4-Feb-14E Q1-May-14E Q2-Aug-14E Q3-Nov-14E Q4-Feb-15E Q4-Feb-16E Assets Cash & Cash Equivalents $ $ $ $ $ $ $ $ $ $ Marketable securities $ $ $ Accounts Receivable $ $ $ $ $ $ $ $ $ $ Inventories $ $ $ $ $ $ $ $ $ $ Prepaid income taxes $ $ $ - $ - $ - $ - $ - $ - $ - Deferred costs $ $ $ $ $ $ $ $ $ $ Deferred income taxes $ $ $ $ $ $ $ $ $ $ Other current assets $ $ $ - $ - $ - $ - $ - $ - $ - Total Current Assets $ $ $ $ $ $ $ $ $ $ PP&E, net $ $ $ $ $ $ $ $ $ $ Deferred costs $ $ $ $ $ $ $ $ $ $ Deferred income taxes $ $ $ $ $ $ $ $ $ $ Other assets $ $ $ $ $ $ $ $ $ $ Intangible assets $ $ $ $ $ $ $ $ $ $ Goodwill $ $ $ $ $ $ $ $ $ $ Total Assets $ $ $ $ $ $ $ $ $ $ Liabilities Accounts payable $ $ $ $ $ $ $ $ $ $ Accrued payroll & related benefits $ $ $ $ $ $ $ $ $ $ Other accrued liabilities $ $ $ $ $ $ $ $ $ $ Deferred Revenues $ $ $ $ $ $ $ $ $ $ Deferred income taxes $ $ $ $ $ $ (0.238) $ (0.512) $ (0.240) $ $ Note payable $ $ $ - $ - $ - $ - $ - $ - $ - Other Total Current Liabilities $ $ $ $ $ $ $ $ $ $ LT Deferred Revenues $ $ $ $ $ $ $ $ $ $ Deferred income taxes $ $ $ $ $ $ $ $ $ $ Note payable $ $ $ $ $ $ $ $ $ $ Other liabilities $ $ $ $ $ $ $ $ $ $ Total Liabilities $ $ $ $ $ $ $ $ $ $ Stockholders' equity $ (92.066) $ (92.724) $ (90.116) $ (20.907) $ (20.373) $ (21.036) $ (21.082) $ (20.562) $ (18.593) $ (10.345) Total Liabilities + Stockholder's Equity $ $ $ $ $ $ $ $ $ $ Balance Sheet Summary Current Ratio Book Value Per Share ($1.99) ($1.92) ($0.43) ($0.38) ($0.39) ($0.39) ($0.38) ($0.34) ($0.19) Cash Per Share $0.44 $0.62 $2.18 $2.19 $2.21 $2.47 $2.66 $3.03 $4.12 Net Cash Per Share $0.43 $0.62 $2.18 $2.19 $2.21 $2.47 $2.66 $3.03 $4.12 Return On Equity -29.8% -11.7% -7.3% -6.4% -3.9% -2.1% 1.4% -1.7% -8.8% -55.4% Return on Assets 3.4% 3.1% 3.1% 1.9% 0.8% 0.3% -0.1% 0.1% 0.5% 1.8% Working Capital, net ($18) ($13) ($11) ($10) ($10) ($14) ($15) ($15) ($16) ($19) Avg. Diluted Shares Outstanding Model Assumptions DSO (excluding deferred revenue) DSO (billings) Accounts Payable Days (off COGS) ST Deferred Costs (% of sales) 38% 38% 40% 41% 40% 45% 45% 45% 45% 45% LT Deferred Costs (% of sales) 37% 37% 40% 41% 45% 45% 45% 45% 45% 45% Accrued Expenses (as % of Sales) 19% 16% 9% 8% 8% 15% 15% 15% 15% 15% Source: BMO Capital Markets Research, company documents. Page 139 December 18, 2013

139 BMO Capital Markets Barracuda Networks Exhibit 11. Cash Flow Statement FY2012 FY2013 FY2014E FY2014E FY2015E FY2015E FY2016E ($ in millions) FY2012 FY2013 Q1-May-13 Q2-Aug-13 Q3-Nov-13E Q4-Feb-14E FY2014E Q1-May-14E Q2-Aug-14E Q3-Nov-14E Q4-Feb-15E FY2015E FY2016E Operating Activities non-gaap non-gaap non-gaap non-gaap non-gaap non-gaap non-gaap non-gaap non-gaap Net income $ (0.254) $ (8.185) $ (2.563) $ (2.378) $ (0.111) $ $ (4.518) $ (0.664) $ (0.046) $ $ $ $ Depreciation and amortization $ $ $ $ $ $ $ $ $ $ $ $ $ Stock-based comp $ $ $ $ $ $ - $ - Excess tax benefits from emlpoyee option plan $ (0.082) $ (1.687) $ (0.011) $ (0.214) $ (0.225) $ - $ - Loss on disposal of PP&E $ $ $ $ $ $ - $ - (Gain) loss on sale of marketable securities $ (0.852) $ $ - $ (5.514) $ (5.514) $ - $ - Deferred income taxes $ (11.367) $ (13.374) $ $ (0.039) $ $ $ (2.600) $ (0.274) $ $ $ (1.788) $ Other $ - $ - $ - $ - $ - $ - Changes in operating assets & liabilities Accounts receivable, net $ (4.025) $ (1.582) $ (1.200) $ $ (0.617) $ (3.017) $ (4.650) $ (9.381) $ $ (3.162) $ $ (6.167) $ (9.183) Inventory $ (1.219) $ $ (0.363) $ (1.152) $ (1.515) $ - $ - Income taxes $ $ $ (4.746) $ $ (0.514) $ - $ - Deferred costs $ (10.931) $ (10.214) $ (3.086) $ (3.502) $ (1.256) $ (2.071) $ (9.915) $ (5.515) $ (1.800) $ (1.620) $ (2.340) $ (11.275) $ (10.215) Other current assets $ $ (0.060) $ (0.513) $ (0.389) $ (0.902) $ - $ - Other non-current assets $ (0.172) $ (0.061) $ (0.207) $ $ $ - $ - Accounts payable and other liabilities $ $ $ (3.490) $ $ (1.055) $ $ (1.238) $ $ $ $ $ $ Accrued compensation $ $ $ (1.119) $ (0.764) $ (0.649) $ $ (2.500) $ $ $ $ $ $ Other accrued liabilities $ $ $ (0.554) $ $ (0.303) $ - $ - Other long-term liabilities $ (0.200) $ $ $ $ $ - $ - Deferred revenue $ $ $ $ $ $ $ $ $ $ $ $ $ Other $ - $ - Net Cash from Operations $ $ $ $ $ $ $ $ $ $ $ $ $ Investing Activities Purchases of marketable securities $ (1.666) $ - $ - $ - $ - $ - Proceeds from sales of marketable securities $ $ $ - $ - $ - $ - Investment in non-marketable securities $ (0.750) $ - $ - $ - $ - $ - Capital Expenditures $ (8.510) $ (4.722) $ (1.663) $ (2.866) $ (1.700) $ (1.700) $ (7.929) $ (2.000) $ (2.000) $ (2.000) $ (2.000) $ (8.000) $ (10.000) Purchase of intangible assets $ (0.366) $ - $ - $ (0.028) $ (0.028) $ - $ - Business combinations $ (1.017) $ (4.357) $ (6.176) $ (2.609) $ (8.785) $ - $ - Change in other assets $ - $ - $ - $ - $ - $ - Net Cash from Investing $ (11.120) $ (8.504) $ (7.839) $ (5.504) $ (1.700) $ (1.700) $ (16.743) $ (2.000) $ (2.000) $ (2.000) $ (2.000) $ (8.000) $ (10.000) Financing Activities Proceeds from issuance of common stock $ $ $ (0.472) $ (0.293) $ $ $ - $ - Dividends paid $ - $ ( ) $ (1.419) $ - $ (1.419) $ - $ - Proceeds from issuance of Series B stock $ - $ $ - $ - $ - $ - $ - Issuance costs on line of credit $ - $ (0.313) $ - $ - $ - $ - $ - Repurchase of common stock $ (1.186) $ ( ) $ (0.138) $ (0.585) $ (0.723) $ - $ - Excess tax benefits from employee stock-based option pla $ $ $ $ $ $ - $ - Repayment of emplioyee loans $ - $ - $ $ $ $ - $ - Payments under capital lease and long-term debt $ (0.081) $ (0.222) $ (0.056) $ (0.054) $ (0.110) $ - $ - Repayment of note payable $ (0.038) $ - $ - $ - $ - $ - $ - Purchase of noncontrolling interest $ (3.986) (0.200) Other $ - - $ $ - - $ $ - (0.147) $ $ - $ - $ - $ $ (0.147) $ - $ - Net Cash from Financings $ (5.048) $ ( ) $ (1.814) $ $ $ - $ $ - $ - $ - $ - $ - $ - Foreign Currency Impact $ (0.172) $ $ (0.105) $ $ (0.037) $ - $ - Net Increase / Decrease in Cash $ $ (96.412) $ (9.564) $ $ $ $ $ $ $ $ $ $ FCFE $ 35.4 $ 34.2 $ (1.6) $ 9.0 $ 7.0 $ 10.0 $ 24.4 $ 1.9 $ 14.8 $ 10.5 $ 21.3 $ 48.5 $ 64.0 y-o-y 3% -3% -117% 102% -47% 43% -29% -222% 64% 49% 114% 99% 32% FCFF $ 35.4 $ 34.7 $ (1.5) $ 9.0 $ 7.0 $ 10.0 $ 24.5 $ 1.9 $ 14.8 $ 10.5 $ 21.3 $ 48.5 $ 63.9 y-o-y 3% -2% -115% 97% -48% 40% -29% -231% 64% 49% 114% 98% 32% FCFF/Share $0.14 $0.19 $0.50 $0.04 $0.28 $0.19 $0.39 $0.90 $1.16 FCF Margin 22.0% 17.2% 10.6% 18.9% 21.4% Source: BMO Capital Markets Research, company documents. Page 140 December 18, 2013

140 Check Point Software (CHKP-NASDAQ) Stock Rating: Market Perform Industry Rating: Outperform December 18, 2013 Joel P. Fishbein, Jr BMO Capital Markets Corp. Brett Fodero BMO Capital Markets Corp. Initiating Coverage With a Market Perform Rating and $67 Price Target Investment Thesis In our view, Check Point is poised to benefit from the significant increase in security threats and data breaches, and increased customer spending intentions on network security. Our conversations with channel partners and customers indicate share losses and difficulty in acquiring net new customers, and we believe that Check Point is losing the near-term marketing war against some of its competitors. That said we believe the anniversary of its Appliance upgrade cycle, increased annuity blade penetration, and improving average selling price (ASP) should begin to translate into growth within the customer base. Expectations remain low, but we don t see a catalyst to drive the shares at current levels. Forecasts & Valuation Revenue remains under pressure, and margins are expected to remain relatively flat, which we believe hinders near-term earnings power. We model a 4.8% revenue and 6.7% non-gaap EPS CAGR through The anniversary of the company s appliance transition, which has been a drag on growth, could see a natural tailwind in FY2013 as refreshed appliance customers renew and add new blades. ASP should also improve owing to a better mix of high-end appliances. We believe that share buybacks and the potential for a more shareholderfriendly capital allocation should continue to support the shares at current levels. Recommendation We are initiating coverage of Check Point with a Market Perform rating and a $67 price target (based on our discounted cash flow and comparative multiple analyses), which equates to 17.3x our 2015 EPS estimate. Price (17-Dec) $ Week High $63.29 Target Price $ Week Low $44.41 Check Point Software (CHKP) Price: High,Low,Close(US$) Relative to S&P Volume (mln) Last Data Point: December 13, 2013 (FY-Dec.) 2012A 2013E 2014E 2015E EPS $3.19 $3.41 $3.59 $3.87 P/E 18.1x 17.2x 16.0x CFPS $3.71 $4.57 $4.68 $5.03 P/CFPS 13.5x 13.2x 12.3x Rev. ($mm) $1,343 $1,391 $1,469 $1,544 EV ($mm) $10,699 $10,699 $10,699 $10,699 EBITDA ($mm) $807 $819 $867 $915 EV/EBITDA 13.3x 13.1x 12.3x 11.7x Quarterly EPS Q1 Q2 Q3 Q4 2012A $0.74 $0.77 $0.79 $ E $0.79a $0.83a $0.85a $ E $0.82 $0.88 $0.89 $1.01 Dividend $0.00 Yield 0.0% Book Value $17.94 Price/Book 3.4x Shares O/S (mm) Mkt. Cap (mm) $12,028 Float O/S (mm) Float Cap (mm) $9,291 Wkly Vol (000s) 7,713 Wkly $ Vol (mm) $397,935 Net Debt ($mm) -$3,571 Next Rep. Date na Notes: All values in US$. Major Shareholders: First Call Mean Estimates: CHECK POINT SOFTWARE TECHNOLOGIES LTD (US$) 2013E: $3.41; 2014E: $3.63; 2015E: $ Page 141 December 18, 2013

141 BMO Capital Markets Check Point Software Investment Drivers Checks with partners and industry participants indicate few net new customers. Our recent checks suggest a marked increase in share losses to Palo Alto Networks over the last several months (in some cases, major Check Point customers). Many firewall RFPs today are geared toward next-generation firewalls (NGFW), and while Check Point s technology is incrementally improving, we believe it is still well behind that of Palo Alto, which is winning 85% of deals post technical evaluation, according to Palo Alto management. Check Point has to rely on growing sales to its existing customer base to drive long-term growth, which we believe will be difficult to attain in the near term. At the end of 2010, Check Point said that it had well north of 100,000 customers of all sizes and it was closer to 150,000 total customers. In any given quarter, Check Point sells to tens of thousands of customers. One hundred percent of the Fortune 100 companies and 98% of the Fortune 500 companies use Check Point security solutions. The company has an install base of 700,000 (not all are active) security gateway units (both software and appliances, with the majority still software). The Nokia acquisition in 2009 brought in a base of 220,000 IP Series appliances installed with 23,000+ customers. Appliance transition hitting its anniversary; should become tailwind. In late 2011, the company began launching higher performance appliances that offer better price performance in an effort to get its install base on a platform (R75 or newer) capable of spurring the adoption of its security blades. This negatively affected product revenue through the mix shift to lower ASP appliances. Additionally, as customers move to the new platform, there is a true-up of the service contracts, resulting in new service contracts to be amortized over 12 months, exasperating slowing growth rates. As this transition anniversaries, we could see a natural tailwind in FY2013 as refreshed appliance customers renew and add new blades. ASP should start to improve due to better mix. The company is beginning to see improving ASP being driven by a more favorable mix toward the company s and product lines. Many customers have chosen to deploy these newer, higher-end models instead of lower-end ones. Low-end appliances are also performing well. Blade adoption could increase with refreshed appliance base. The biggest business driver over the last several years has been the increasing annuity blade base (24% of services revenues), which has been moving the needle, but growth has slowed from 71% in 2010 to an estimated 20% in FY2013. Check Point is incentivizing customers to adopt blades by bundling them, thus getting customers to start using the blades, and renewal rates have been increasing slightly on bundled blades to 65%. Focus on investment and pressure on revenues could hinder near-term earnings power. Revenue remains under pressure, and margins are expected to remain relatively flat. We believe that Check Point is losing the near-term marketing war against some of its competitors. Investments are in research and development (R&D) and sales and marketing (S&M), and we expect this investment to mitigate some of the mind share losses. Buybacks should continue to support the shares. After spending approximately $128 million on share repurchases last quarter, we expect management to continue to aggressively repurchase shares. The company has approximately $450 million remaining on its $1 billion buyback program. Page 142 December 18, 2013

142 BMO Capital Markets Check Point Software We don't rule out acquisitions. While, historically, management has been price sensitive and very selective with acquisitions, we wouldn't rule out the company using its cash rich position to buy security technologies to grow its total addressable market. Market Backdrop Currently, network security is at a crossroads as once-viable solutions are now incapable of stopping the growing tide of data breaches owing to the multitude of vulnerabilities they leave that are taken advantage of by attackers; moreover, the quality and effectiveness of these attacks has increased significantly. Despite billions of dollars having been spent over the past decade on stateful firewalls (any firewall that performs stateful packet inspection of network connections) and point solutions complementing them (IPS, web filtering, security web gateways, UTMs, and others), corporate breaches are at elevated levels, in our opinion. The biggest development in network security, in our view, has been the development of nextgeneration security, spearheaded by Palo Alto Networks. Next-generation security (NGFW) is the convergence (as opposed to integration; i.e., UTM) of multiple security functions (firewall, IPS, secure Web gateway) on a single-engine appliance. The basis of NGFW is the evolution of firewalls to encompass IPS and secure web gateways. The security landscape is supportive of healthy budgets. Security spending tends to be nondiscretionary. The threat landscape is on red alert, and recent data breaches evidence the growing importance of protecting data center assets. Security Software makes up about 8% of overall enterprise software spending. Gartner projects that, by 2017, total security spending (total security spending less security services) will increase to $39.1 billion from $27.7 billion in 2012, representing a five-year CAGR of 7.2%. Our research shows continued strong spending intentions on network security. Gartner estimates that total network security equipment spending will increase 6.6% in 2013 to $8.6 billion, with VPN/firewall equipment making up approximately 75% of the total spend on network security. Spending on firewalls is also expected to be the fastest growing area in network security, growing at an estimated 10% CAGR through Additionally, we expect NGFW to outpace overall network security growth, as it cannibalizes spending from existing network and infrastructure protection categories. Company Background Check Point started as a pure software company but has transitioned to an appliance model over the last several years; now, appliances represent 80% of product revenues (appliance list prices range from the hundreds to the hundreds of thousands of dollars). Check Point develops, markets, and supports a wide range of software, as well as combined hardware and software products and services for IT security, including an extensive portfolio of network and gateway security solutions, data and endpoint security solutions, and management solutions. Check Point was an industry pioneer with its FireWall-1 and its patented Stateful Inspection technology. Check Point has recently extended its IT security portfolio with the development of a Software Blade architecture. Products and services are sold to enterprises, service providers, small and mediumsized businesses (SMB), and consumers. Page 143 December 18, 2013

143 BMO Capital Markets Check Point Software The company historically has been focusing on large enterprise accounts, and the introduction of appliances and software blades has led to a significant increase in deal sizes as the company now sells both software and hardware, is expanding its footprint, and is upselling to blades. Large deals contribute 10%-20% of overall business in any given quarter. Large enterprises constitute the majority of revenues even though a significant number of units are shipped to the mid-market and small enterprises. The company has close to 150,000 accounts of all sizes, and in any given quarter, it sells to tens of thousands of customers and adds 1,000 new customers. The company has an install base of 700,000 (not all are active) security gateway units (both software and appliances, with the majority still software), and the Nokia acquisition in 2009 brought in a base of 80,000 IP Series appliances. The company is trying to more deeply penetrate the up to 5,000 employee SMB segment of the market, where the opportunity is very large, but the go-to-market strategy here is still evolving. The biggest verticals are financials (18%-22% of revenues), telcos, technology, and government. Appliances The company offers the Check Point DataCenter, VSX virtualized security gateway, Check Point Power-1 appliances, the Nokia IP series appliances, the mid-market UTM-1 appliances, the Smart-1 security management appliances, Series 80 branch office appliances, and several other product lines. Over the past several years, Check Point has started moving its large install base from the old R65 to the R75 (launched February 2011) and newer software blade architectures, allowing the company to upsell more software blades. During 3Q2013, the company released the R77 version of its Software Blade Architecture, which delivered more than 50 product enhancements, including the new HyperSpect performance technology, which increases performance of advanced security operation by more than 50% on the same gateway. Blades Blades are sold bundled with the product (embedded) or à la carte. Currently, the company has more than 40 blades in its portfolio, both network and endpoint. The company sells annuity blades and capital/perpetual blades (a customer buys only one blade). Annuity blades are subscription based, and revenues are recognized in services revenues, while perpetual-blade revenues are included in the basic product revenues. Blade products that were launched in the last few years have been sold as subscription, including IPS, Application Control, Anti-Bot, and new threat emulation for advanced persistent threats, and others. Check Point is incentivizing customers to adopt blades by bundling them, thus getting customers to start using the blades. Check Point charges significantly less than competing stand-alone products, but the blades tend be competitive in terms of functionality. Every new product or new appliance that Check Point sells comes with a certain set of blades. Beyond these basic packages, customers can add other blades. This strategy of pre-building blades allows the company to get more business in the initial sale and to increase the renewal rate. Renewal rates have been increasing slightly on bundled blades to about 65%. Page 144 December 18, 2013

144 BMO Capital Markets Check Point Software New Products Check Point continues to innovate and has recently released several new products to market, including the following: Check Point Security Gateway R77 incorporates more than 50 product enhancements, including the new ThreatCloud Emulation Service, Check Point HyperSpect performance enhancing technology, and Check Point Compliance Software Blade. R77 enables customers to take advantage of their comprehensive security platform to attain high levels of security with a lower total cost of ownership. Check Point Threat Emulation prevents infections from undiscovered exploits, zero-day, and targeted attacks. This innovative solution quickly inspects files and runs them in a virtual sandbox across multiple OS versions to discover malicious behavior and prevent discovered malware from entering the network. Threat Emulation is available as a software blade or Private Cloud Emulation Appliance leveraging the ThreatCloud Emulation Service Data Center Appliance Launch leverages Check Point HyperSpect, which maximizes hardware utilization, and delivers 23.6 Gbps of real-life firewall throughput, 5.7 Gbps of reallife IPS throughput, and 3,200 SecurityPower unit (SPU) rating. Balance Sheet and Capital Allocation Check Point has $3.571 billion in cash on its balance sheet, or $17.86 per share. After spending approximately $128 million on share repurchases last quarter, we expect management to continue to aggressively repurchase shares. The company has approximately $450 million remaining on its $1 billion buyback program. Current Outlook Revenue remains under pressure, and margins are expected to remain relatively flat, which we believe will hinder near-term earnings power. The anniversary of the company s appliance transition, which has been a drag on growth, could see a natural tailwind in FY2013 as refreshed appliance customers renew and add new blades. ASP should also improve owing to better mix of high-end appliances. Exhibit 1. BMO vs. Consensus 4Q 2013E 2013E 2014E 2015E ($M, except EPS) BMO Guidance Street BMO Guidance Street BMO Street BMO Street Revenues $384 $365 $395 $393 $1,391 $1372 $1402 $1,390 $1,469 $1,472 $1,544 $1,548 y/y 4.2% 6.6% 3.6% 3.5% 5.6% 5.8% 5.1% 5.2% EBIT $223 $810 $857 $905 margin 58.0% 58.3% 58.4% 58.6% EPS $0.95 $0.90 $0.98 $0.95 $3.41 $3.36 $3.44 $3.41 $3.59 $3.63 $3.87 $3.92 Source: BMO Capital Markets Research, Thomson Reuters. Page 145 December 18, 2013

145 BMO Capital Markets Check Point Software Exhibit 2. DCF Analysis Valuation Our 10-year DCF analysis makes the following key assumptions, resulting in a long-term price of $67.00, implying a 9% premium to current levels: Revenue CAGR of 3%. EBIT margin slowly increasing to 60.4%. 8.0% WACC. 7.0x terminal cash flow multiple. Tax rate of 22%. ($in millions, except per share) FY2014E FY2015E FY2016E FY2017E FY2018E FY2019E FY2020E FY2021E FY2021E FY2021E TV CAGR Revenues $1,469 $1,544 $1,606 $1,654 $1,687 $1,721 $1,755 $1,790 $1,826 $1,862 $1,881 3% Growth 5.6% 5.1% 4.0% 3.0% 2.0% 2.0% 2.0% 2.0% 2.0% 2.0% 1.0% EBIT $857 $905 $945 $976 $999 $1,023 $1,047 $1,071 $1,096 $1,122 $1,137 3% EBIT Margin 58.4% 58.6% 58.8% 59.0% 59.2% 59.4% 59.6% 59.8% 60.0% 60.2% 60.4% Taxed EBIT $669 $706 $737 $762 $780 $798 $816 $836 $855 $875 $887 Depreciation $9 $10 $10 $11 $11 $11 $11 $11 $12 $12 $12 CapEx ($10) ($11) ($11) ($12) ($12) ($12) ($13) ($13) ($13) ($13) ($13) Change in Working Capital $227 $236 $209 $215 $202 $206 $193 $197 $201 $205 $207 Free Cash Flow $895 $941 $945 $975 $981 $1,003 $1,008 $1,031 $1,055 $1,079 $1,092 2% Growth 5% 0% 3% 1% 2% 1% 2% 2% 2% 6% Discounted FCF $829 $807 $750 $717 $667 $632 $588 $557 $528 $500 Cumulative cash flow $6,575 67% Tax Rate 22% WACC Cash Flow Multiple Terminal Value $3,280 33% WACC 8.0% $ x 7.0x 8.0x 9.0x 10.0x 11.0x Total DCF value $9, % Cash Flow 7.0x 6.0% $71.3 $74.2 $77.1 $79.9 $82.8 $85.7 Debt $0 Multiple 7.0% $67.9 $70.5 $73.1 $75.7 $78.3 $80.9 Cash $3, % $64.8 $67.1 $69.5 $71.8 $74.2 $76.5 Market Value of Equity $13, % $62.0 $64.1 $66.2 $68.3 $70.4 $72.6 Shares Outstanding % $59.4 $61.3 $63.2 $65.1 $67.0 $69.0 Share Price $ % $57.0 $58.7 $60.5 $62.2 $63.9 $65.7 Current Price $61.84 upside/(downside) 9% Source: BMO Capital Markets Research, company documents. CHKP shares are trading at 17.2x our 2014 EPS estimate, which is slightly above the company s five-year average of 15.7x. We believe the shares are reasonably valued at these levels, considering weak near-term visibility and because both revenue and earnings growth are expected to come in below the company s long-term average. Our $67 price target is based on 17.3x our 2015 EPS estimate. Page 146 December 18, 2013

146 BMO Capital Markets Check Point Software Exhibit 3. Peer Analysis (in Millions, Except Per Share Data) Recent Cash/ EV/Sales P/E Revenue Growth Ticker Rating Price EV Share FY1E FY2E FY1E FY2E FY0-FY1E FY1E-FY2E Check Point Software Technologies Ltd CHKP MarketPerform $61.84 $8,794 $ x 6.0x 18.1x 17.2x 3.6% 5.6% vs Security -4% 8% NA NA vs Networking 231% 231% 6% 13% vs Large Cap benchmarks 167% 161% 67% 63% Security Barracuda Networks Inc CUDA Outperform $25.83 $1,267 $ x 4.9x NM NM 15.6% 11.5% FireEye Inc FEYE NC $38.87 $4,369 $ x 17.6x NM NM 89.3% 57.7% Fortinet Inc FTNT NC $17.88 $2,503 $ x 3.7x 38.8x 31.8x 13.2% 13.5% Imperva Inc IMPV Outperform $45.75 $1,012 $ x 5.9x NM NM 31.0% 26.4% Palo Alto Networks Inc PANW NC $55.84 $3,566 $ x 4.9x NM NM 41.4% 31.3% Proofpoint Inc PFPT NC $29.29 $969 $ x 5.9x NM NM 24.8% 24.5% Qualys Inc QLYS MarketPerform $23.31 $744 $ x 5.8x NM NM 18.0% 18.4% Average 6.6x 5.5x NA NA 19.5% 18.1% Networking Cisco Systems Inc CSCO Outperform $20.92 $81,561 $ x 1.7x 10.6x 10.1x -4.5% 4.0% F5 Networks Inc FFIV Outperform $84.25 $6,107 $ x 3.3x 16.6x 14.5x 12.3% 12.6% Juniper Networks Inc JNPR MarketPerform $20.96 $8,812 $ x 1.8x 17.1x 15.2x 5.8% 5.6% Average 1.9x 1.8x 17.1x 15.2x 5.8% 5.6% Large cap benchmarks Microsoft Corp MSFT NC $36.52 $243,136 $ x 2.7x 12.5x 11.6x 7.5% 6.6% Ca Inc CA NC $32.48 $13,596 $ x 3.0x 10.8x 12.6x -3.0% 1.2% Cisco Systems Inc CSCO Outperform $20.92 $81,561 $ x 1.7x 10.6x 10.1x -4.5% 4.0% International Business Machines Corp IBM MarketPerform $ $218,677 -$ x 2.2x 10.4x 9.8x -4.0% 0.9% Hewlett-packard Co HPQ MarketPerform $27.45 $63,677 -$ x 0.6x 7.5x 7.3x -2.9% -0.6% Symantec Corp SYMC MarketPerform $23.00 $14,523 $ x 2.2x 12.9x 12.3x -3.7% 1.0% Oracle Corp ORCL Outperform $33.63 $151,435 $ x 3.8x 11.5x 10.4x 3.0% 5.0% Average 2.4x 2.3x 10.9x 10.6x -1.1% 2.6% (Fishbein - CUDA, CHKP, QLYS, IMPV, ORCL) (Long - CSCO, FFIV, JNPR) (Bachman - IBM, HP)(NC = Not covered. Thomson data for not covered companies) *Estimates reflect latest complete and forward fiscal years Source: BMO Capital Markets Research, Thomson Reuters. Stock prices as of the close on December 17, Risks Customer spending intentions on security could subside. Spending intentions on security by customers have increased at a healthy clip, especially around network security and data protection. Should the threat environment stabilize or subside and current technologies catch up with increasingly sophisticated threats, customer purchase intentions could subside. General economic conditions. A renewed economic downturn could have negative consequences for the industry. Customers may be forced to lower budgets again, slowing purchases for all security segments. Competition. Disruptive new network security architectures such as the one offered by Palo Alto Networks could disrupt the market and the solutions offered by Check Point. Additionally, Cisco s acquisition of Sourcefire could help stem its share losses and increase its competitiveness against Check Point. Pricing pressure. As technology matures and standardization across platforms makes it easier for customers to switch providers, pricing pressure is inevitable. Although we believe that increased functionality will offset some of these pressures, vendors and solution providers will increasingly be challenged to offer differentiated products. M&A risk. The company has made only five acquisitions over the past several years, mostly technology tuck-ins; however, the Nokia appliance and PointSec acquisitions were sizeable. The company remains open to M&A, and recently has expressed interest in acquisitions to augment its endpoint business. Larger M&A could pose integration risks and disrupt the existing business. Page 147 December 18, 2013

147 BMO Capital Markets Check Point Software Financial Models Exhibit 4. Income Statement CheckPoint Income Statement FY2013E FY2014E ($ in millions except per share) FY2012 3/31/2013 6/30/2013 9/30/ /31/2013E FY2013E 3/31/2014E 6/30/2014E 9/30/2014E 12/31/2014E FY2014E FY2015E Revenue by Segment Product Revenue $ $ $ $ $ $ $ $ $ Support and Services Revenue $ $ $ $ $ $ $ Total Revenue $ 1, $ $ $ $ $ 1, $ $ $ $ $ $ $ $ $ $ $ 1, $ $ 1, $ 1, Year-Over-Year Growth: Product Revenue 0.4% -3.3% -1.9% 0.0% 1.0% -0.9% 3.0% 3.0% 3.0% 3.0% 3.0% 3.5% Support and Services Revenue 12.6% 6.5% 6.8% 5.5% 6.5% 6.3% 7.0% 7.0% 7.0% 7.0% 7.0% 6.0% Total 7.7% 3.1% 3.5% 3.5% 4.2% 3.6% 5.7% 5.6% 5.6% 5.4% 5.6% 5.1% Non-GAAP COGS - Product $ $ $ $ $ $ $ $ $ Non-GAAP COGS - Support and Service $ $ $ $ $ $ $ $ $ Total Non-GAAP Cost of Revenues $ $ $ $ $ $ $ $ $ Non-GAAP Gross Profit $ 1, $ $ $ 1, $ $ $ $ $ 1, $ 1, Non-GAAP Operating Expenses Research & Development $ $ $ $ $ $ $ $ $ Sales & Marketing $ $ $ $ $ $ $ $ $ General & Administrative $ $ $ $ $ $ $ $ $ Total Non-GAAP Operating Expenses $ $ $ $ $ $ $ $ $ $ $ $ Non-GAAP Operating Income $ $ $ $ $ $ $ $ $ $ $ $ (+) Depreciation Non-GAAP EBITDA Interest income and other expense, net Non-GAAP Earnings Bef.Taxes Provision for Income Taxes Non-GAAP Tax Rate 20.4% 19.5% 19.7% 19.5% 19.5% 19.6% 22.0% 22.0% 22.0% 22.0% 22.0% 22.0% Non-GAAP Net Income (1) $ $ $ $ $ $ $ $ $ $ $ $ Non-GAAP EPS 3.19 $ 0.79 $ 0.83 $ 0.85 $ $ 0.82 $ 0.88 $ 0.89 $ Avg. Diluted Shares Outstanding (1) Non-GAAP excludes: amortization, restructuring, impairments, and stock-based comp. Revenue Analysis: Product licenses 37.6% 33.0% 35.5% 35.2% 39.7% 36.0% 32.2% 34.6% 34.3% 38.8% 35.1% 34.6% Support and Services 62.4% 67.0% 64.5% 64.8% 60.3% 64.0% 67.8% 65.4% 65.7% 61.2% 64.9% 65.4% Expense Analysis: Non-GAAP Product 17.2% 17.7% 17.3% 17.9% 17.9% 17.7% 17.8% 17.8% 17.8% 17.8% 17.8% 17.8% Non-GAAP Support and Services 8.0% 8.2% 8.2% 8.1% 8.1% 8.1% 8.1% 8.1% 8.1% 8.1% 8.1% 8.1% Cost of Revenues 11.5% 11.3% 11.4% 11.6% 12.0% 11.6% 11.2% 11.5% 11.4% 11.9% 11.5% 11.5% R&D 7.7% 8.5% 7.8% 8.1% 7.8% 8.0% 8.2% 7.8% 8.0% 7.7% 7.9% 7.8% Sales & Marketing 18.1% 18.3% 19.6% 18.9% 19.3% 19.0% 19.6% 19.2% 19.3% 18.5% 19.1% 19.0% General & Administrative 3.2% 3.4% 3.0% 3.1% 3.0% 3.1% 3.2% 3.1% 3.2% 2.9% 3.1% 3.1% Depreciation 0.6% 0.6% 0.6% 0.6% 0.6% 0.6% 0.6% 0.6% 0.6% 0.6% 0.6% 0.6% Margin Analysis: Non-GAAP Product Gross Margin 82.8% 82.3% 82.7% 82.1% 82.1% 82.3% 82.2% 82.2% 82.2% 82.2% 82.2% 82.2% Non-GAAP Support and Services Gross 92.0% 91.8% 91.8% 91.9% 91.9% 91.9% 91.9% 91.9% 91.9% 91.9% 91.9% 91.9% Non-GAAP Gross Margin 88.5% 88.7% 88.6% 88.4% 88.0% 88.4% 88.8% 88.5% 88.6% 88.1% 88.5% 88.5% Non-GAAP Operating Margin 59.5% 58.6% 58.2% 58.3% 58.0% 58.3% 57.7% 58.4% 58.2% 59.1% 58.4% 58.6% EBITDA Margin 60.1% 59.2% 58.8% 59.0% 58.6% 58.9% 58.3% 59.1% 58.8% 59.7% 59.0% 59.3% Non-GAAP Tax Rate 20.4% 19.5% 19.7% 19.5% 19.5% 19.6% 22.0% 22.0% 22.0% 22.0% 22.0% 22.0% Non-GAAP Net Margin 49.7% 49.4% 48.5% 49.1% 48.8% 48.9% 47.2% 47.7% 47.5% 48.0% 47.6% 47.9% Sequential Growth Rates: Total Revenue (12.4%) 5.4% 1.2% 11.7% (11.2%) 5.3% 1.2% 11.5% Gross Profit (11.8%) 5.3% 1.0% 11.1% (10.5%) 5.0% 1.2% 10.9% Total Non-GAAP Operating Expenses (4.5%) 6.5%.1% 11.5% (8.2%) 2.1% 2.1% 6.5% Non-GAAP Operating Margin -15.2% 4.6% 1.5% 10.9% -11.6% 6.6%.7% 13.2% Non-GAAP Net Income (13.9%) 3.6% 2.3% 10.9% (14.2%) 6.5%.8% 12.7% Year-Over-Year Growth: Total Revenue 7.7% 3.1% 3.5% 3.5% 4.2% 3.6% 5.7% 5.6% 5.6% 5.4% 5.6% 5.1% Gross Profit 7.7% 3.1% 3.4% 3.3% 4.2% 3.5% 5.8% 5.5% 5.7% 5.6% 5.7% 5.2% Operating expenses 3.2% 6.9% 5.7% 4.6% 13.5% 7.7% 9.1% 4.6% 6.7% 1.9% 5.4% 4.3% Non-GAAP Operating Income 10.0% 1.3% 2.2% 2.7% (.1%) 1.4% 4.1% 6.0% 5.3% 7.5% 5.8% 5.6% Non-GAAP Net Income 8.9% 1.5% 2.0% 2.9% 1.2% 1.9% 1.0% 3.8% 2.2% 3.9% 2.7% 5.7% Non-GAAP EPS 11.3% 6.5% 7.8% 8.1% 4.6% 6.7% 4.0% 6.1% 4.4% 6.1% 5.2% 8.0% Source: BMO Capital Markets Research, company documents. Page 148 December 18, 2013

148 BMO Capital Markets Check Point Software Exhibit 5. Balance Sheet ($ in millions) FY2012 FY2013E FY2014E FY2015E Assets 12/31/2012 3/31/2013 6/30/2013 9/30/ /31/2013E 3/31/2014E 6/30/2014E 9/30/2014E 12/31/2014E 12/31/2015E Cash and Cash Equivalents $ $ $ $ $ 1, $ 1, $ 1, $ 1, $ 1, $ 2, Marketable securities and short-term deposits $ $ 1, $ 1, $ 1, Trade receivables, net $ $ $ $ $ $ $ $ $ $ Prepaid expenses and other current assets $ $ $ $ $ $ $ $ $ $ Total Current Assets $ 1, $ 1, $ 1, $ 1, $ 1, $ 1, $ 1, $ 2, $ 2, $ 2, Marketable securities $ 1, $ 2, $ 2, $ 2, $ 2, $ 2, $ 2, $ 2, $ 2, $ 2, Property and equipment, net $ $ $ $ $ $ $ $ $ $ Severance pay fund $ $ $ $ $ $ $ $ $ $ Deferred tax asset, net $ $ $ $ $ $ $ $ $ $ Other intangible assets, net $ $ $ $ $ $ $ $ $ $ Goodwill $ $ $ $ $ $ $ $ $ $ Other assets $ $ $ $ $ $ $ $ $ $ Total Assets $ 4, $ 4, $ 4, $ 4, $ 4, $ 5, $ 5, $ 5, $ 5, $ 5, Liabilities Current portion of deferred revenue $ $ $ $ $ $ $ $ $ $ Trade payables and other accrued liabilities $ $ $ $ $ $ $ $ $ $ Total Current Liabilities $ $ $ $ $ 1, $ 1, $ 1, $ 1, $ 1, $ 1, Long-term deferred revenues $ $ $ $ $ $ $ $ $ $ Income tax accrual $ $ $ $ $ $ $ $ $ $ Deferred tax liability, net $ - $ $ $ $ $ $ $ $ $ Accrued severance pay $ $ $ $ $ $ $ $ $ $ Total Liabilities $ 1, $ 1, $ 1, $ 1, $ 1, $ 1, $ 1, $ 1, $ 1, $ 1, Stockholders' Equity $ 3, $ 3, $ 3, $ 3, $ 3, $ 3, $ 3, $ 3, $ 3, $ 4, Total Liabilities + Stockholder's Equity $ 4, $ 4, $ 4, $ 4, $ 4, $ 5, $ 5, $ 5, $ 5, $ 5, % Change Y/Y Cash and Cash Equivalents 14.4% 12.9% 11.5% 12.9% 14.0% 11.0% 11.3% 11.3% 11.8% 11.7% Receivables 4.6% 13.5% 5.8% 6.5% (9.9%) 8.3% 11.9% 8.6% 5.4% 3.7% Deferred Revenue 6.8% 8.1% 8.2% 12.0% 14.2% 13.9% 13.6% 13.5% 11.9% 10.9% Balance Sheet Summary Current Ratio Book Value Per Share $16.38 $16.78 $17.09 $17.56 $17.97 $18.27 $18.62 $18.99 $19.48 $21.27 Cash Per Share $7.36 $17.39 $17.86 $6.34 $6.84 $7.67 $8.03 $8.60 $9.28 $12.09 Return On Equity 34.0% 35.1% 34.3% 19.9% 34.1% 33.9% 33.1% 19.1% 32.9% 32.1% Return on Assets 25.5% 26.0% 25.2% 14.4% 24.5% 24.2% 23.5% 13.5% 23.0% 22.4% Working Capital, net $75.0 ($84.4) ($110.2) ($127.7) ($51.2) ($172.5) ($193.6) ($261.0) ($198.5) ($352.2) Avg. Diluted Shares Outstanding Model Assumptions DSO (Revenue) Accounts Payable Days (off COGS ) Accrued Expenses (as % of Sales) 2.8% 3.3% 3.1% 3.1% 3.0% 3.0% 3.0% 3.0% 3.0% 3.0% Source: BMO Capital Markets Research, company documents. Page 149 December 18, 2013

149 BMO Capital Markets Check Point Software Exhibit 6. Cash Flow Statement FY2012 FY2013E FY2013E FY2014E FY2014E FY2015E ($ in millions) FY2012 3/31/2013 6/30/2013 9/30/ /31/2013E FY2013E 3/31/2014E 6/30/2014E 9/30/2014E 12/31/2014E FY2014E FY2015E Operating Activities non-gaap non-gaap non-gaap non-gaap non-gaap non-gaap non-gaap non-gaap Net income $ $ $ $ $ $ $ $ $ $ $ $ Depreciation and amortization of property, plant and equipment $ $ $ $ $ $ $ $ $ $ $ $ Other than temporary impairment of marketable securities, net $ - $ - $ - $ - Acquisition of in-process research and development $ - $ - $ - $ - Realized gain on marketable securities $ (1.436) $ (1.114) $ $ (0.226) $ (1.300) $ - $ - Stock-based compensation $ $ $ $ $ $ - $ - Amortization of intangible assets $ $ $ $ $ $ - $ - Excess tax benefits from share-based compensation $ (11.129) $ (4.171) $ (1.934) $ (3.075) $ (9.180) $ - $ - Deferred income taxes $ (1.454) $ (3.213) $ (1.054) $ (5.012) $ (1.164) $ (10.443) $ $ $ $ $ $ Net change in assets and liabilitites, excl. acquisitions Decrease (increase) in trade and other receivables, net $ (11.746) $ $ $ $ (80.195) Increase in deferred revenues, trade payables and other accrued liabilities $ $ $ $ $ $ $ $ $ (76.344) $ $ $ $ $ $ (18.235) $ (13.203) $ $ $ Net Cash from Operations $ $ $ $ $ $ $ $ $ $ $ $ 1, Investing Activities Cash paid in conjunction with acquisitions, net of acquired cash $ - $ - $ - $ - Investment in property and equipment $ (8.195) $ (2.582) $ (2.044) $ (2.759) $ (2.000) $ (9.385) $ (2.500) $ (2.500) $ (2.500) $ (2.500) $ (10.000) $ (11.000) Net Cash from Investing $ (8.195) $ (2.582) $ (2.044) $ (2.759) $ (2.000) $ (9.385) $ (2.500) $ (2.500) $ (2.500) $ (2.500) $ (10.000) $ (11.000) Financing Activities Proceeds from issuance of shares upon exercise of options $ $ $ $ $ $ - $ - Purchase of treasury shares $ ( ) $ ( ) $ ( ) $ ( ) $ ( ) $ ( ) $ ( ) $ ( ) $ ( ) $ ( ) $ ( ) $ ( ) Excess tax benefit from stock-based compensation $ $ $ Net Cash from Financings $ ( ) $ ( ) $ ( ) $ ( ) $ ( ) $ ( ) $ ( ) $ ( ) $ ( ) $ ( ) $ ( ) $ ( ) Unrealized gain on marketable securities, net $ (0.012) $ (21.276) $ Net Increase / Decrease in Cash $ $ $ $ $ $ $ $ $ $ $ $ FCFE $ $ $ $ $ $ $ $ $ $ $ $ y-o-y 14% 20% 30% 8% 9% 17% -15% -7% 18% 14% 0% 5% FCFF $ $ $ $ $ $ $ $ $ $ $ $ y-o-y 15% 22% 32% 8% 9% 18% -15% -8% 19% 15% 0% 5% FCFF/Share $ 3.71 $ 1.59 $ 0.98 $ 0.93 $ 1.06 $ 4.57 $ 1.39 $ 0.92 $ 1.13 $ 1.24 $ 4.68 $ 5.03 Source: BMO Capital Markets Research, company documents. Page 150 December 18, 2013

150 Imperva (IMPV-NYSE) Stock Rating: Outperform Industry Rating: Outperform December 18, 2013 Joel P. Fishbein, Jr BMO Capital Markets Corp. Brett Fodero BMO Capital Markets Corp. Initiating Coverage With an Outperform Rating and $52 Price Target Investment Thesis We believe Imperva is poised to realize above-market growth rates for the foreseeable future, driven by both need for security solutions to protect web applications and secure the data center. With the current threat landscape on red alert, and given the continued struggle on the part of organizations to comply with regulatory compliance requirements such as PCI DSS, SOX, and HIPAA, we believe the momentum will continue. The recent increase in data breaches is proving that traditional security solutions alone are not sufficient, and Imperva s integrated approach to secure the data itself is highly differentiated, in our view. Imperva, based on its SecureSphere technology (an end-to-end solution that directly protects high-value applications and data assets in the data center) should continue to realize above-market revenue growth and margin expansion, and new product offerings and channel leverage should scale the business model. Forecasts & Valuation Imperva is pioneering the third pillar of enterprise security, called data center security. Through an integrated data center security platform, Imperva provides the protection, visibility, and control needed to protect an organization s precious data assets right where they reside. We believe that Imperva should be able to sustain elevated growth rates (25.5% CAGR FY2012-FY2015) with expanding margins (404 bp FY2012-FY2015), driven by increased distribution, better sales execution, new product offerings, and increased ASPs. Recommendation We are initiating coverage with an Outperform rating and $52 price target, which is based on 5.7 times our 2015 EV/sales estimate. We believe a premium valuation is reasonable, given Imperva s superior growth characteristics, the large and underpenetrated market opportunity, and its best-of-breed product portfolio. Price (17-Dec) $ Week High $52.60 Target Price $ Week Low $29.66 Imperva (IMPV) Price: High,Low,Close(US$) Relative to S&P Volume (mln) Last Data Point: December 16, 2013 (FY-Dec.) 2012A 2013E 2014E 2015E EPS - $ $0.12 $0.10 $0.19 P/E na nm nm CFPS $0.06 $0.15 $0.41 $0.74 P/CFPS nm nm 61.8x Rev. ($mm) $104 $137 $173 $206 EV ($mm) $947 $947 $947 $947 EBITDA ($mm) $1 $0 $7 $10 EV/EBITDA x x 133.3x 92.4x Quarterly EPS Q1 Q2 Q3 Q4 2012A -$0.12 -$0.02 $0.00 $ E -$0.13a -$0.10a -$0.01a $ E -$0.07 -$0.02 $0.06 $0.13 Dividend $0.00 Yield 0.0% Book Value $3.38 Price/Book 13.5x Shares O/S (mm) 24.5 Mkt. Cap (mm) $1,119 Float O/S (mm) 18.3 Float Cap (mm) $838 Wkly Vol (000s) 1,110 Wkly $ Vol (mm) $45,718 Net Debt ($mm) -$107 Next Rep. Date na Notes: All values in US$. First Call Mean Estimates: IMPERVA INC (US$) 2013E: -$0.13; 2014E: $0.12; 2015E: $ Page 151 December 18, 2013

151 BMO Capital Markets Imperva Investment Drivers The database (5%-20% penetrated), web (5%-20% penetrated), and file security markets are all in early stages. The three main markets Imperva sells into are still in their infancy, and our market analysis estimates Imperva s opportunity at over $1 billion. This figure excludes deeper penetration of existing enterprise accounts and new products. Up-sell and cross-sell opportunities combined with expansion into new verticals. Imperva has the opportunity to grow the sales of its core products (web, database) in the enterprise market, as well as drive new sales in its new product lines (file security), which is levered to unstructured data growth. Further, it is entering new verticals such as the SMB (Incapsula), the mid-market (Imperva Cloud WAF), MSSPs, and Hosters. Exceptional performance and execution. Imperva is a pacesetter in the data security market. The company has grown at an exceptional rate (35% revenue CAGR from 2007 to 2012) and is poised to continue to grow at well above market growth of 8%-10% with its innovative approach to security. We forecast 26.4% and 19.4% growth in 2014 and 2015, respectively. Our recent discussions with the company s channel partners indicate that Imperva continues to see accelerating demand. Win rates for database security and web application firewall (WAF) remain very strong, translating into larger deal sizes and a pipeline growing faster than revenues. Up-sell and cross-sell opportunities. We believe there is an opportunity to add new product families within the existing customer base that has purchased a single product from the existing product suite. Imperva is driving deeper account penetration by increasing sales reps/geo coverage and has introduced higher quotas due to additional product lines and channel investments. Expansion into new market segments and verticals. Imperva has traditionally sold to large enterprises. It is now entering new market segments and verticals such as the SMB (via its Incapsula subsidiary), the mid-market (via the Imperva Cloud WAF), Managed Security Service Providers (MSSPs,), and Hosters. Ramping sales reps. Imperva is ramping its salesforce to support its rapid growth. Additionally, many of the current salesforce are young in tenure and should begin to realize sales productivity gains as they garner more experience. Leveraging a well-diversified channel. Imperva is leveraging the channel for account acquisition and is making further investments in channel enablement. The company has more than 350 channel partners. More than 60% of business is originated via partners, while more than 90% is fulfilled by partners. The channel base is diversified and includes VARs (Accuvant, Fishnet, Integralis), Global Channels (Wipro, Dimension Data, Verizon Business), and MSSPs launched in 2008 now represent ~7% of revenues (grew 20% in 3Q and is up 200% last four quarters). Seasoned management team. Prior to founding Imperva, CEO Shlomo Kramer co-founded Check Point Software Technologies in 1993, serving various executive roles and acting as a member of the board until He also participated as an early investor and board member on a number of security and enterprise software companies, including Palo Alto Networks, Trusteer, Confidela, Worklight, Incapsula, and SumoLogic. We have confidence in the company s extremely experienced management team to continue to introduce next-generation product innovations and execute in the current threat landscape. Page 152 December 18, 2013

152 BMO Capital Markets Imperva Timing of margin expansion plans still an uncertainty. Management has been accelerating headcount additions primarily in sales and marketing to take advantage of increasing demand. Longer term, we believe the company can get to a mid-20s operating margin. However, as long as Imperva continues to see strong demand, we believe management will be inclined to invest in the business, making the timing of future margin expansion uncertain. Market Backdrop Security landscape is supportive of healthy budgets. Security spending tends to be nondiscretionary. The threat landscape is on red alert and recent data breaches are evidence of the growing importance of protecting data center assets. Imperva remains the best-of-breed pure-play leader in the growing DAM and WAF markets (~50/50 in terms of bookings), in our opinion. Next-generation threats need next-generation technologies. In 2012, 76% of data breaches came from the database, web, and other servers, while 95%+ of the $27 billion spent on security did not directly address data security. Based on the unique product set, we believe Imperva will continue to be a direct beneficiary of the growth of next-generation threats. Strong win rates and cross-sales highlight the value of Imperva s platform. Our checks with channel partners show that win rates for Imperva s database security and WAF have been particularly strong. The prevalence of threats targeting the database continues to grow, forcing IT administrators to use targeted solutions like Imperva s. Once customers begin to use the company s solutions, the value becomes abundantly clear and, as a result, our checks indicate sales to existing customers continue to accelerate. Imperva is garnering bigger deals. On top of accelerating new customer additions and strong cross sales, new deals continue to increase in size. That is leading to better ASPs and pipeline growth above bookings and revenue growth. Overall, we believe this bodes well for above-average topline growth for the foreseeable future. Company Overview The IT landscape, as well as new threat vectors, is increasingly challenging organizations. In our view, companies must address these challenges with new security products and solutions. Enter Imperva, a pioneer in a new category of security. Its flagship product, SecureSphere, is a leading data security and compliance solution. It protects sensitive data from hackers and malicious insiders, provides a fast, cost-effective route to regulatory compliance, and establishes a repeatable process for mitigating data risk. The SecureSphere suite of products includes three main segments: database security, file security, and web application security. Database security: Database security and compliance solutions, audit database access, and real-time protection against database attacks. Web application security: Protection against large-scale web attacks with reputation controls, automated management, and drop-in deployment. Page 153 December 18, 2013

153 BMO Capital Markets Imperva File security: Auditing, protection, and rights management for unstructured data on file servers and network attached storage devices. The company generates revenue from product licenses (hardware appliances or virtual appliances) for its SecureSphere Business Security Suite. SecureSphere Business Security Suite consists of database security, file security, and web application security. Perpetual software license revenue is generated from sales of appliances, licenses for additional users, and add-on software modules. Services revenue consists of maintenance and support, professional services and training, and subscriptions. Maintenance and support revenue is generated from support services that are bundled with appliances and add-on software modules. Training services revenue consists of fees we earn related to training customers and partners on the use of our products. We expect that the services revenue from maintenance and support contracts will continue to grow along with the increase in the size of their installed base. Additionally, subscription is increasing rapidly as a percentage of overall revenue (8.7% revenue 3Q12 vs. 5.1% revenue 3Q11), driven by Threat Radar and Incapsula. Database Security (50% of Bookings, Launched 2002) A database firewall is a type of application firewall that protects databases from application attacks. According to the Verizon Data Breach Investigations Report, compromised database servers were responsible for 89% of breached data. While database vendors have products here (Oracle, IBM), third parties have an opportunity, as Oracle and IBM heterogeneous DBMS support is substandard and few enterprises have standardized on a single database vendor. Solutions included in the database security segment are: SecureSphere Database Activity Monitoring (DAM): Delivers automated scalable activity monitoring, auditing, and reporting for heterogeneous database environments. SecureSphere helps organizations demonstrate regulatory compliance through automated processes, analysis, and reporting. The product accelerates incident response and forensic investigation with centralized management and advanced analytics. SecureSphere Database Firewall (DBF): Provides real-time database protection against internal and external threats by alerting or blocking attacks and abnormal access requests. SecureSphere provides virtual patching for database software vulnerabilities, reducing the window of exposure and impact of long-patch cycles. DBF includes the auditing and analytics capabilities offered by DAM. User Rights Management for Databases (URMD): Enables automatic aggregation and review of user access rights. SecureSphere helps identify excessive rights and dormant users based on organizational context and actual data usage. Using URMD, organizations can demonstrate compliance with regulations such as SOX, PCI 7, and PCI 8.5 and reduce the risk of data breaches. SecureSphere Discovery and Assessment Server (DAS): Provides vulnerability assessment and configuration audits allowing users to measure compliance with industry standards and best practices. Data discovery and classification enable organizations to accurately scope Page 154 December 18, 2013

154 BMO Capital Markets Imperva security and compliance projects. With a combined analysis of sensitive data and vulnerabilities, SecureSphere helps prioritize and better manage risk mitigation efforts. Web Application Security (50% of Bookings, Launched 2002) Web application firewall (WAF) inspects the contents of the application layer of IP packets, protecting websites from threats not picked up by traditional network firewalls, including by patching web applications. WAFs sit between a web application and the client endpoint, and come in several form factors (software, hardware, appliance, servers). It can be a standalone device or integrated with other network components such as firewalls, proxies, and load balancers. Demand for WAF is driven by regulations, such as PCI for payment cards. The WAF market is a very early stage market generating what we expect is under $500 million. The Ponemon Institute found that 59% of respondents do not have WAFs and that 70% think that network firewalls will secure their Web Applications. The largest verticals for WAFs are E- commerce and retail. Impreva commands the greatest share of the WAF market given its focus, and other players include F5 Networks, Barracuda Networks, Citrix Systems, Trustwave, Riverbed Technology. Solutions included in the web application security segment are: SecureSphere Web Application Firewall (WAF): The web application firewall delivers automated protection against current application attacks, including SQL injection, XSS, and CSRF. SecureSphere combines automated application learning with up-to-date protection polices and signatures from the Imperva Application Defense Center to accurately identify and stop attacks. Granular correlation rules, reputation-based security, and a powerful reporting framework complete SecureSphere's superior multi-layer protection. With multigigabit inline and non-inline configuration options, SecureSphere offers drop-in deployment and ultra high performance, meeting the most demanding data center requirements. ThreatRadar: As an add-on security service for the web application firewall, ThreatRadar bolsters defenses against large-scale automated attacks. ThreatRadar enables timely, realworld protection from known attack sources, such as malicious IP addresses and phishing URLs, as well as identifies source reputation and geographic location for forensics. By transmitting attack source feeds in near real time to SecureSphere WAFs, ThreatRadar can quickly and accurately stop malicious users before an attack can be launched. The company is less than 20% penetrated in ThreatRadar, which has experienced rapid growth since its debut in 4Q10. DDoS Protection Service for SecureSphere: A secure, ultra-high capacity service that safeguards organizations from crippling DDoS attacks. DDoS Protection Service for SecureSphere can be deployed quickly and can scale on demand to mitigate multi-gigabit DDoS attacks. Page 155 December 18, 2013

155 BMO Capital Markets Imperva File Security (1% of Bookings, Launched 2002) We view the file security market as a long-term strategy for the company because it is geared toward unstructured data (80% of data in the datacenter is unstructured). File security protects sensitive file data stored on file servers and network attached storage devices. This is a nascent market, but demand and awareness are growing, driven by compliance. File security can be complementary to Data Loss Prevention (DLP). Solutions included in the file security segment are: SecureSphere File Activity Monitoring (FAM): Delivers real-time monitoring and auditing of access to files stored on file servers and network attached storage (NAS) devices. SecureSphere file auditing provides flexible alerting, analytics, and reporting so administrators can document and communicate access activity to key stakeholders and demonstrate regulatory compliance. FAM includes user rights management for files for file rights auditing. SecureSphere File Firewall (FFW): Prevents internal abuse and unauthorized access of sensitive file data, and helps ensure file integrity. SecureSphere monitors access activity, generates alerts based on user-defined rules, and blocks access that violates business policy. Centralized management, analytics, and reporting accelerate forensic investigations and security incident response. FFW includes user rights management for files for file rights auditing. SecureSphere User Rights Management for Files (URMF): Identifies existing user access rights and facilitates a complete rights review cycle. SecureSphere file rights auditing ensures that sensitive file data are accessible only by those with a business need to know. SecureSphere facilitates rights review cycles by creating a baseline of existing rights, identifying excessive and unused rights, and providing workflow capabilities to specify and communicate changes between all participants in the review process. URMF is included as part of SecureSphere FAM and FFW. Incapsula (80% Owned, Launched 2011) Imperva has a majority-owned subsidiary, Incapsula, which extends its reach down market and breaks it into the SMB and mid-markets. Incapsula is ~80% owned. The Imperva Cloud WAF services were launched in May Incapsula is incremental to the company s overall core WAF business that is targeted up market. The Imperva Cloud WAF, powered by Incapsula, is an easy, cost-effective cloud-based web application firewall service that offers businesses a way to protect critical web applications. It includes basic security services that provide ad hoc policy tuning and critical incident response times within four hours. Additionally, customers can purchase additional advanced managed security services for organizations requiring more proactive policy tuning and critical response times. Imperva Cloud WAF offers flexible one-, two-, and three-year subscription plans. Page 156 December 18, 2013

156 BMO Capital Markets Imperva Balance Sheet and Capital Allocation As of September 30, 2013, Imperva had $106.8 million of cash, cash equivalents, and short-term investments. Deferred revenue increased to $52.6 million as of September 30, 2013 from $38.3 million as of September 30, The growth in deferred revenue was primarily attributable to an increase in its installed base of products and licenses worldwide and resulting renewals of maintenance and support agreements, as well as new sales of maintenance and support agreements. Current Outlook In 3Q Imperva s revenue increased by $22.6 million, or 31.2%, owing to growth in products and license revenue and services revenue. The Americas region contributed the largest portion of this growth. Products and license revenue increased by $7.2 million, or 17.7%, and services revenue increased by $15.4 million, or 48.6%. Imperva s loss from operations increased by $2.1 million, to $3.7 million in 3Q because of increased sales and marketing personnel costs to support the global expansion of its business. In 3Q the number of customers grew by 680, or 32.5%, to 2,774 as of September 30, 2013 from 2,094 as of September 30, As the company has been building out a strategic salesforce over the last 18 months, product license growth should accelerate the rest of the year and into next year, based on pipeline visibility; pipeline growing faster than revenues, and bookings. The company remains in investment mode so we are not expecting to see any margin leverage in the near term. Based on the pipeline build, we expect Imperva to book a few seven-figure deals in the fourth quarter, as deals of this size typically have long evaluation phases before moving forward. We believe there were several large deals in the pipeline; overall increase in large deal pipeline activity continues to grow faster than revenues. We believe that as web applications are increasingly being deployed from the cloud, the need for web application firewalls is growing. Imperva appears to be the primary beneficiary of this market and competitive win rates against both F5 and IBM have remained stable. Majority of WAF customers do not have ThreatRadar, but the fastest component of subscriptions is growth in Incapsula. Exhibit 1. BMO vs. Consensus 4Q 2013E 2013E 2014E 2015E ($M, except EPS) BMO Guidance Street BMO Guidance Street BMO Street BMO Street Revenues $41.5 $41.0 $42.0 $41.7 $136.5 $136.0 $137.0 $136.7 $172.6 $171.9 $206.0 $202.7 y/y 30.4% 31.0% 31.0% 31.2% 26.4% 25.8% 19.4% 17.9% EBIT $3.36 $3.0 $3.5 $2.2 $(2.1) $(2.6) $3.7 $6.1 margin 8.1% 1.6% 2.1% 3.0% Net Income $2.88 $2.5 $3.0 $3.0 $(2.9) $(3.4) $2.8 $5.7 EPS $0.11 $0.10 $0.11 $0.11 $0.12 $(0.12) $(0.14) $0.13 $0.10 $0.12 $0.19 $0.16 Source: BMO Capital Markets Research, Thomson Reuters. Page 157 December 18, 2013

157 BMO Capital Markets Imperva Exhibit 2. DCF Analysis Valuation Our 10-year DCF analysis makes the following key assumptions, resulting in a long-term price of $52, implying a 14% premium to current levels: Revenue CAGR of 17%. EBIT margin slowly increasing to 23%. 10.0% WACC. 18x terminal cash flow multiple. Tax rate of 35%. ($in millions, except per share) FY2014E FY2015E FY2016E FY2017E FY2018E FY2019E FY2020E FY2020E FY2020E FY2020E TV CAGR Revenues $173 $206 $245 $290 $341 $401 $466 $538 $615 $697 $767 17% Growth 26.4% 19.4% 18.9% 18.4% 17.9% 17.4% 16.4% 15.4% 14.4% 13.4% 10.0% EBIT $4 $6 $13 $22 $34 $50 $70 $94 $120 $150 $180 EBIT Margin 2% 3% 5% 7% 10% 12% 15% 17% 19% 21% 23% Taxed EBIT $2 $4 $9 $14 $22 $32 $45 $61 $78 $97 $117 51% Depreciation $3 $4 $5 $6 $6 $7 $8 $10 $12 $13 $15 CapEx ($4) ($5) ($6) ($7) ($8) ($10) ($11) ($13) ($15) ($17) ($19) Change in Working Capital $9 $18 $10 $12 $14 $16 $19 $22 $25 $28 $31 Free Cash Flow $11 $21 $17 $24 $34 $46 $61 $80 $99 $121 $144 30% Growth 86% -17% 38% 41% 35% 33% 31% 24% 22% 18% Discounted FCF $10 $17 $13 $16 $21 $26 $31 $37 $42 $47 Cumulative cash flow $262 22% Tax Rate 35% WACC Cash Flow Multiple Terminal Value $906 78% WACC 10.0% $ x 23.0x 24.0x 25.0x 26.0x 27.0x Total DCF value $1,167 Cash Flow 18x 8% $71.9 $74.4 $76.9 $79.4 $82.0 $84.5 Debt $0 Multiple 9% $65.8 $68.1 $70.3 $72.6 $74.9 $77.2 Cash $107 10% $60.3 $62.4 $64.4 $66.5 $68.6 $70.6 Market Value of Equity $1,274 11% $55.4 $57.3 $59.1 $61.0 $62.9 $64.7 Shares Outstanding 24 12% $51.0 $52.7 $54.3 $56.0 $57.7 $59.4 Share Price $ % $47.0 $48.5 $50.0 $51.6 $53.1 $54.6 Current Price $45.75 upside/(downside) 14% Source: BMO Capital Markets Research, company documents. Our $52 price target is based on 5.7x our 2015 EV/sales estimate. We believe a premium valuation is reasonable, given Imperva s superior growth characteristics, the large and underpenetrated market opportunity, and the company s best-of-breed product portfolio. Page 158 December 18, 2013

158 BMO Capital Markets Imperva Exhibit 3. Peer Analysis (in Millions, Except Per Share Data) Recent Cash/ EV/Sales Revenue Growth Ticker Rating Price EV Share FY1E FY2E FY0-FY1E FY1E-FY2E Imperva Inc IMPV Outperform $45.75 $1,012 $ x 5.9x 31.0% 26.4% vs Security -19% -16% vs Security (excluding FEYE) 22% 13% Security Check Point Software Technologies Ltd CHKP MarketPerform $61.84 $8,794 $ x 6.0x 3.6% 5.6% Barracuda Networks Inc CUDA Outperform $25.83 $1,267 $ x 4.9x 15.6% 11.5% FireEye Inc FEYE NC $38.87 $4,369 $ x 17.6x 89.3% 57.7% Fortinet Inc FTNT NC $17.88 $2,503 $ x 3.7x 13.2% 13.5% Qualys Inc QLYS MarketPerform $23.31 $744 $ x 5.8x 18.0% 18.4% Palo Alto Networks Inc PANW NC $55.84 $3,566 $ x 4.9x 41.4% 31.3% Proofpoint Inc PFPT NC $29.29 $969 $ x 5.9x 24.8% 24.5% Average 9.2x 7.0x 29.4% 23.2% Average (excluding FEYE) 6.1x 5.2x 19.4% 17.4% (Fishbein - CUDA, CHKP, QLYS, IMPV) (NC = Not covered. Thomson data for not covered companies) *Estimates reflect latest complete and forward fiscal years Source: BMO Capital Markets Research, Thomson Reuters. Stock prices as of the close on December 17, Risks Operating in an immature market. The data security market is rapidly evolving and difficult to predict. As such, it is hard to forecast important market trends, including how large the data security market will become and what products customers will adopt. If organizations fail to realize the value in this new, nascent category of security technologies, or adopt them more slowly, Imperva s results could suffer. Database, web, and file security could turn out to be features of networking/security products. The data security markets that Imperva plays into could eventually be features of networking and security products, rather than standalone markets. For example, SIEM and/or DLP could subsume database security. Different buying centers. Imperva s solution portfolio spans products that require access to different buying centers within some customers IT environments, which might cap the company s ability to penetrate existing accounts deeper and faster. General economic environment. The current economic backdrop is extremely volatile, which could impact organizations IT budgets and spending intentions. Even though the recessionary environment was a catalyst for catch-up security spending in 2010, a renewed economic downturn could have negative consequences for the industry. Customers may be forced to lower budgets again, slowing purchases for all security segments. Customer spending intentions on security could subside. Customers spending intentions for 2011 on security increased at a healthy rate. Should the threat environment stabilize or subside and current technologies catch up with increasingly sophisticated threats, purchase intentions for 2012 could subside compared with Competition and pricing pressure. Imperva competes with a number of larger companies in extremely competitive environments, including: IBM (Guardium), Oracle (Secerno), Citrix, F5, Intel (McAfee), and Symantec. Many of these competitors have advantages such as name Page 159 December 18, 2013

159 BMO Capital Markets Imperva recognition, larger S&M budgets, broader distribution networks, greater resources to make acquisitions, lower costs, and more established relationships. Customers may elect to accept a bundled products offering, even if it has limited functionality. M&A risk. Although Imperva does not have a history of acquisitions, it may seek to acquire additional businesses, products, and technologies to stay competitive. Larger acquisitions could pose integration risks and disrupt the existing business. Heavier exposure to certain verticals. Imperva has ~25% exposure to the financial and banking vertical, and roughly 10% to government and military. Any change in these industries could have an effect on Imperva s financial results. Selling to government entities can be highly competitive, expensive, and time consuming, often requiring significant up-front time and expense. Government demand may be affected by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand. Back-end loaded quarters. Imperva s quarters are back-end loaded, with 50%-60% of business closing in the third month. If expected revenue at the end of any quarter is delayed because anticipated purchase orders fail to materialize, logistics partners fail to ship products on time, Imperva fails to manage inventory properly or to release new products on schedule, or for any other reason, revenue for that quarter could fall below our expectations. Change in industry or government regulation and compliance standards. Imperva generates a substantial portion of its revenues from its products and services because the company helps organizations achieve and maintain compliance with government regulations and industry standards. If regulations and standards related to data security are changed in a manner that makes them less onerous, customers may be less willing to purchase Imperva s products and services. Imperva has international exposure, as it markets and sells its products throughout the world and has sales and R&D facilities outside the United States. Imperva also sources components for its products from various geographical regions and ships products from a foreign production facility. Therefore, the company is subject to risks associated with international operations, including trade and foreign exchange restrictions, foreign currency fluctuations, and economic and political instability. Execution risk. Imperva has experienced rapid growth over the last several years. If the company fails to execute and effectively manage this growth, operating results could fall below expectations. Further, the company relies on IT systems to help effectively manage critical functions such as order processing, revenue recognition, financial forecasting, and inventory and supply chain management. Failure to manage any future growth effectively could result in increased costs and weaker-than-expected operating results, and lead to decreased investor confidence. New disruptive technologies. While we believe that Imperva has a leading-edge technology and solution set, disruptive technologies by enterprising start-ups or other organizations could turn out to be technologically superior in the future. Other risks include possible litigation by third parties, and hosting failures. Page 160 December 18, 2013

160 BMO Capital Markets Imperva Financial Models Exhibit 4. Income Statement Imperva Income Statement FY2012 FY2013E FY2013E FY2014E FY2014E FY2015E ($ in millions except per share) FY2012 Q1-Mar-13 Q2-June-13 Q3-Sept-13 Q4-Dec-13E FY2013E Q1-Mar-14E Q2-June-14E Q3-Sept-14E Q4-Dec-14E FY2014E FY2015E Products and license revenues $ $ $ $ $ $ $ $ $ $ $ $ Maintenance/services revenues $ $ $ $ $ $ $ $ $ $ $ $ Total Revenue (non-gaap) $ $ $ $ $ $ $ $ $ $ $ $ Year-Over-Year Growth 33.1% 32.8% 27.6% 33.2% 30.4% 31.0% 29.1% 28.3% 25.9% 23.6% 26.4% 19.4% Cost of revenue: product $ $ $ $ $ $ $ $ $ $ $ $ Cost of revenue: services $ $ $ $ $ $ $ $ $ $ $ $ Non-GAAP Gross Profit $ $ $ $ $ $ $ $ $ $ $ $ Non-GAAP Operating Expenses R&D $ $ $ $ $ $ $ $ $ $ $ $ Sales & Marketing $ $ $ $ $ $ $ $ $ $ $ $ General & Administrative $ $ $ $ $ $ $ $ $ $ $ $ Total Non-GAAP Operating Expenses $ $ $ $ $ $ $ $ $ $ $ $ Non-GAAP Operating Income $ (1.136) $ (3.141) $ (2.137) $ (0.332) $ $ (2.247) $ (1.928) $ (0.430) $ $ $ $ (+) Depreciation $ $ $ $ $ $ $ $ $ $ $ $ Non-GAAP EBITDA $ $ (2.515) $ (1.494) $ $ $ $ (1.190) $ $ $ $ $ Other income $ (0.243) $ (0.047) $ (0.055) $ $ (0.100) $ (0.089) $ (0.025) $ (0.025) $ (0.025) (0.025) Non-GAAP Earnings Bef.Taxes $ (1.379) $ (3.188) $ (2.192) $ (0.219) $ $ (2.336) $ (1.953) $ (0.455) $ (0.100) $ $ $ $ (0.100) $ $ Provision for Income Taxes $ $ $ $ $ $ $ $ $ $ $ $ Non-GAAP Tax Rate -39.5% -4.8% -11.9% % 16.9% -53.6% -12.8% -65.9% 21.1% 14.8% 43.6% 22.6% Loss atributable to non-controlling interest $ $ $ $ $ $ $ $ $ $ $ $ Non-GAAP Net Income (1) $ (1.419) $ (3.206) $ (2.323) $ (0.362) $ $ (3.008) $ (2.018) $ (0.555) $ $ $ $ Non-GAAP EPS $ (0.06) $ (0.13) $ (0.10) $ (0.01) $ 0.11 $ (0.12) $ (0.07) $ (0.02) $ 0.06 $ 0.13 $ 0.10 $ 0.19 Avg. Diluted Shares Outstanding $ $ $ $ $ $ $ $ $ $ $ $ (1) Non-GAAP excludes: amortization, restructuring, impairments, settlements, and stock-based comp. Expense Analysis (non-gaap): Cost of Revenues 79.4% 78.7% 76.7% 80.0% 80.4% 79.1% 78.2% 78.3% 78.6% 79.1% 78.6% 77.8% R&D 18.5% 19.9% 18.9% 17.0% 16.9% 18.0% 19.2% 18.4% 17.0% 16.2% 17.6% 17.4% Sales & Marketing 48.9% 56.7% 53.1% 52.7% 45.3% 51.4% 52.8% 49.8% 46.4% 44.8% 48.1% 46.8% General & Administrative 13.1% 13.1% 11.6% 11.1% 10.1% 11.3% 11.4% 11.2% 10.9% 10.1% 10.8% 10.6% Depreciation 1.8% 2.2% 2.1% 1.9% 1.9% 2.0% 2.0% 2.0% 2.0% 2.0% 2.0% 2.0% Margin Analysis (non-gaap): Product gross margin 85.7% 86.7% 84.4% 89.6% 89.0% 87.7% 88.0% 88.0% 88.0% 88.0% 88.0% 88.0% Maintenance/Services gross margin 71.2% 70.9% 69.1% 69.6% 70.0% 69.9% 70.0% 70.0% 70.0% 70.0% 70.0% 70.0% Gross Margin 79.4% 78.7% 76.7% 80.0% 80.4% 79.1% 78.2% 78.3% 78.6% 79.1% 78.6% 77.8% Operating Margin (total) -1.1% -11.0% -6.8% -0.9% 8.1% -1.6% -5.2% -1.1% 4.3% 8.0% 2.1% 3.0% EBITDA Margin.7% (8.8%) (4.8%) 1.0% 10.0%.3% (3.2%).9% 6.3% 10.0% 4.1% 5.0% Tax Rate (39.5%) (4.8%) (11.9%) (131.5%) 16.9% (53.6%) (12.8%) (65.9%) 21.1% 14.8% 43.6% 22.6% Net Margin (1.4%) (11.2%) (7.4%) (1.0%) 6.9% (2.2%) (5.5%) (1.4%) 3.9% 7.2% 1.6% 2.8% Sequential Growth Rates (non-gaap): Total Revenue (10.2%) 9.6% 12.0% 18.2% (11.1%) 8.9% 10.0% 16.1% Gross Profit (12.1%) 6.9% 16.7% 18.9% (13.5%) 9.0% 10.3% 16.9% Operating Margin % (32.0%) (84.5%) (1113.0%) % (77.7%) (546.5%) 113.0% Net Income (294.5%) (27.5%) (84.4%) (896.4%) (170.0%) (72.5%) (408.1%) 116.1% Year-Over-Year Growth (non-gaap): Total Revenue 33.1% 32.8% 27.6% 33.2% 30.4% 31.0% 29.1% 28.3% 25.9% 23.6% 26.4% 19.4% Gross Profit 33.3% 32.5% 25.0% 33.9% 30.3% 30.4% 28.3% 30.9% 23.7% 21.7% 25.6% 18.1% Operating expenses 18.5% 31.7% 34.1% 36.2% 24.6% 31.3% 20.1% 21.8% 15.5% 21.7% 19.7% 16.7% Operating Income (86.9%) 26.5% 655.1% (432.0%) 119.8% 97.8% (38.6%) (79.9%) (678.3%) 21.6% (262.5%) 66.6% Net Income (83.7%) 23.2% 533.0% 273.2% 74.9% 112.0% (37.1%) (76.1%) (572.4%) 28.2% (194.1%) 102.1% EPS (88.3%) 14.9% 491.4% 253.5% 61.6% 98.0% (46.2%) (79.7%) (499.0%) 19.5% (182.0%) 89.0% Source: BMO Capital Markets Research, company documents. Page 161 December 18, 2013

161 BMO Capital Markets Imperva Exhibit 5. Balance Sheet FY2012 FY2013E FY2014E FY2015E ($ in millions) Q4-Dec-12 Q1-Mar-13 Q2-June-13 Q3-Sept-13 Q4-Dec-13E Q1-Mar-14E Q2-June-14E Q3-Sept-14E Q4-Dec-14E Q4-Dec-15E Assets Cash & Cash Equivalents $ $ $ $ $ $ $ $ $ $ Short term investments $ $ $ Restricted cash $ $ $ Accounts Receivable $ $ $ $ $ $ $ $ $ $ Inventory $ $ $ $ $ $ $ $ $ $ Deferred tax assets $ $ $ $ $ $ $ $ $ $ Prepaid expenses $ $ $ $ $ $ $ $ $ $ Total Current Assets $ $ $ $ $ $ $ $ $ $ PP&E, net $ $ $ $ $ $ $ $ $ $ Severance pay fund $ $ $ $ $ $ $ $ $ $ Deferred tax assets $ - $ $ $ $ $ $ $ $ $ Other assets $ $ $ $ $ $ $ $ $ $ Total Assets $ $ $ $ $ $ $ $ $ $ Liabilities Accounts payable $ $ $ $ $ $ $ $ $ $ Accrued comp $ $ $ $ $ $ $ $ $ $ Accrued other $ $ $ $ $ $ $ $ $ $ Deferred Revenues $ $ $ $ $ $ $ $ $ $ Convertible related $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - Revolving credit facility $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - Total Current Liabilities $ $ $ $ $ $ $ $ $ $ Other liabilities $ $ $ $ $ $ $ $ $ $ LT Deferred Revenues $ $ $ $ $ $ $ $ $ $ Accrued severance pay $ $ $ $ $ $ $ $ $ $ Total Liabilities $ $ $ $ $ $ $ $ $ $ Stockholders' equity $ $ $ $ $ $ $ $ $ $ Total Liabilities + Stockholder's Equity $ $ $ $ $ $ $ $ $ $ Balance Sheet Summary Current Ratio Book Value Per Share $3.32 $3.42 $3.37 $3.38 $3.11 $2.99 $2.91 $2.92 $3.00 $2.99 Cash Per Share $4.09 $2.77 $2.90 $2.89 $4.01 $4.34 $4.19 $4.07 $4.13 $4.59 Net Cash Per Share $4.09 $2.77 $2.90 $2.89 $4.01 $4.34 $4.19 $4.07 $4.13 $4.59 Return On Equity -1.8% -2.5% -4.9% -5.1% -3.6% -2.2% -0.1% 2.4% 3.3% 6.4% Return on Assets -1.0% -1.4% -2.7% -2.7% -1.9% -1.1% 0.0% 1.1% 1.5% 2.6% Working Capital, net ($13) ($13) ($14) ($14) ($16) ($14) ($16) ($17) ($20) ($23) Avg. Diluted Shares Outstanding Model Assumptions DSO (excluding deferred revenue) DSO (billings) Accounts Payable Days (off COGS) Accrued Expenses (as % of Sales) 29% 35% 34% 34% 32% 32% 32% 32% 32% 32% Source: BMO Capital Markets Research, company documents. Page 162 December 18, 2013

162 BMO Capital Markets Imperva Exhibit 6. Cash Flow Statement FY2012 FY2013E FY2013E FY2014E FY2014E FY2015E ($ in millions) FY2012 Q1-Mar-13 Q2-June-13 Q3-Sept-13 Q4-Dec-13E FY2013E Q1-Mar-14E Q2-June-14E Q3-Sept-14E Q4-Dec-14E FY2014E FY2015E Operating Activities non-gaap non-gaap non-gaap non-gaap non-gaap non-gaap non-gaap non-gaap Net income $ (7.892) $ (6.195) $ (6.045) $ (3.920) $ $ (13.277) $ (2.018) $ (0.555) $ $ $ $ Depreciation and amortization $ $ $ $ $ $ $ $ $ $ $ $ Stock-based comp $ $ $ $ $ $ - $ - Other $ $ $ $ $ $ - $ - Net change in assets and liabilitites, excl. acquisitions Accounts receivable, net $ (9.840) $ $ (2.788) $ (9.565) $ (10.992) $ (12.068) $ $ (4.754) $ (9.901) $ (15.206) $ (14.951) $ (21.592) Inventory $ $ $ (0.053) $ (0.173) $ - $ (0.213) $ - $ - $ - $ - $ - $ - Prepaid expenses $ (2.174) $ (0.598) $ $ (0.250) $ (0.654) $ - $ - Accounts payable and other liabilities $ $ (1.006) $ $ (0.718) $ $ $ (1.827) $ $ $ $ $ Accrued comp $ $ $ $ $ $ - $ - Accrued other $ $ (0.714) $ $ $ (0.146) $ - $ - Severance, net $ $ $ (0.046) $ (0.049) $ $ - $ - Deferred revenue $ $ $ $ $ $ $ $ $ $ $ $ Deferred tax assets $ (0.286) $ (0.012) $ (0.006) $ $ (0.016) $ - $ - Other $ (0.001) $ (0.010) $ $ (0.004) $ (0.012) $ - $ - Net Cash from Operations $ $ $ (0.794) $ (4.648) $ $ $ $ (1.166) $ (0.302) $ $ $ Investing Activities Purchases of ST investments $ (58.158) $ (18.400) $ (8.626) $ (2.799) $ (29.825) $ - $ - Proceeds from sales of marketable securities $ $ $ $ $ $ - $ - Capital Expenditures $ (3.330) $ (0.511) $ (0.691) $ (0.551) $ (1.500) $ (3.253) $ (1.000) $ (1.000) $ (1.000) $ (1.000) $ (4.000) $ (5.000) Change in other assets $ (0.400) $ - $ - $ - $ - $ - $ - Change in restricted cash $ $ (0.005) $ $ (0.001) $ $ - $ - Net Cash from Investing $ (45.574) $ (1.285) $ $ $ (1.500) $ $ (1.000) $ (1.000) $ (1.000) $ (1.000) $ (4.000) $ (5.000) Financing Activities IPO proceeds (net) $ - $ - Proceeds from exercise of stock options $ $ - $ - $ - $ - $ - Proceeds from issuances of common stock $ - $ $ $ $ $ - $ - Repayment of convert $ - $ - $ - $ - $ - $ - Proceeds from preferred $ - $ - Proceeds from restricted stock $ - $ - $ - $ - $ - $ - Credit facility $ - $ - $ - $ - $ - $ - Credit facility repayment $ - $ - $ - $ - $ - $ - Other $ $ - $ - $ - $ - $ - Net Cash from Financings $ $ $ $ $ - $ $ - $ - $ - $ - $ - $ - Foreign Currency Impact $ $ (0.083) $ (0.079) $ (0.043) $ (0.205) $ - $ - Net Increase / Decrease in Cash $ (36.824) $ $ $ $ $ $ $ (2.166) $ (1.302) $ $ $ FCFE $ 1.1 $ 7.2 $ (1.5) $ (5.2) $ 3.2 $ 3.7 $ 11.2 $ (2.2) $ (1.3) $ 4.0 $ 11.7 $ 22.7 y-o-y 135% 37% -1365% -354% 222% 57% 46% -75% 25% 220% 94% FCFF $ 1.5 $ 7.2 $ (1.4) $ (5.5) $ 3.3 $ 3.8 $ 11.3 $ (2.1) $ (1.3) $ 4.0 $ 11.8 $ 22.8 y-o-y 131% 29% 10024% -390% 158% 56% 49% -77% 23% 210% 93% FCFF/Share $0.06 $0.30 -$0.06 -$0.22 $0.12 $0.15 $0.40 -$0.07 -$0.04 $0.14 $0.41 $0.74 Source: BMO Capital Markets Research, company documents. Page 163 December 18, 2013

163 BMO Capital Markets Imperva Page 164 December 19, 2013

164 Qualys (QLYS-NASDAQ) Stock Rating: Market Perform Industry Rating: Outperform December 18, 2013 Joel P. Fishbein, Jr BMO Capital Markets Corp. Brett Fodero BMO Capital Markets Corp. Initiating Coverage With a Market Perform Rating and $25 Price Target Investment Thesis Qualys has a unique and significant opportunity to expand its business over the next several years, in our view. As one of the leaders in the fast-growing cloudbased security market, Qualys is benefiting from accelerating adoption of the security as a service (SecaaS) market. With over 5,800 customers that primarily use only one of Qualys's solutions, the company has a significant opportunity to cross-sell new solutions recently added to the platform. We see the potential for revenue acceleration already reflected in the current consensus outlook and shares at current levels. Forecasts & Valuation Qualys s business model is 100% subscription based, providing excellent visibility into the company s near-term revenue stream. The company is significantly expanding its product set and distribution channels, which we believe should lead to accelerated growth and expanding margins. We estimate that Qualys's non-gaap operating margin can expand from 7.4% in FY2012 to over 10% within the next few years, driven by sales leverage across all operating expenses, and over the long term we see a mid-20% operating margin as feasible. The stock price currently reflects this, trading at a premium to its security software peers. Recommendation We are initiating coverage of Qualys with a Market Perform rating and a $25 price target based on both our DCF and comparative multiple analyses and equates to 5.3 x our 2015 EV/sales estimate. Price (17-Dec) $ Week High $24.90 Target Price $ Week Low $10.15 Qualys (QLYS) Price: High,Low,Close(US$) Relative to S&P Volume (mln) Last Data Point: December 13, 2013 (FY-Dec.) 2012A 2013E 2014E 2015E EPS $0.21 $0.20 $0.27 $0.37 P/E nm 88.1x 64.3x CFPS $0.37 $0.50 $0.53 $0.59 P/CFPS 47.6x 44.9x 40.3x Rev. ($mm) $91 $108 $128 $152 EV ($mm) $618 $618 $618 $618 EBITDA ($mm) $14 $18 $23 $29 EV/EBITDA 45.5x 35.0x 27.1x 21.0x Quarterly EPS Q1 Q2 Q3 Q4 2012A na na $0.10 $ E $0.01a $0.06a $0.08a $ E $0.05 $0.06 $0.07 $0.09 Dividend $0.00 Yield 0.0% Book Value $2.77 Price/Book 8.6x Shares O/S (mm) 36.2 Mkt. Cap (mm) $862 Float O/S (mm) 16.2 Float Cap (mm) $386 Wkly Vol (000s) 626 Wkly $ Vol (mm) $10,943 Net Debt ($mm) -$101 Next Rep. Date na Notes: All values in US$. First Call Mean Estimates: Not Available Page 165 December 18, 2013

165 BMO Capital Markets Qualys Investment Drivers Pure recurring subscription-based business model. Qualys s business model is 100% subscription based. Ninety-five percent of the business is transacted in one-year deals, and the remaining 5% is roughly split between three-year deals and deals with duration of less than one year. This model provides management and investors with excellent visibility into the company s near-term revenue stream. Accelerating revenue growth; revenues should grow in the high-teens over the next several years. The company has accelerated revenue growth from 14% in 2009/2010 to 20% in We estimate that Qualys's revenues will grow at 19% over the next three years. Our revenue assumption is based on three pillars: 1) our belief that the company will continue to be well positioned in its core vulnerability management market, 2) that new product initiatives will continue to gain traction, and 3) that the company s SaaS platform offers a compelling value proposition and could succeed where the giants have failed. About 90% of Qualys s revenues are generated from cloud-based vulnerability management (VM). According to Gartner, this specific segment is expected to grow at a five-year CAGR of 27% through We believe management s expectation of mid-teens growth in VM could prove conservative. QLYS owns 40% of the high-end market and still has room to grow from here, while the SMB segment is underpenetrated. With the products Qualys has recently introduced onto its QualysGuard suite, the company has entered into markets that should help accelerate the overall revenue growth rate. The company s investments in sales and the channel to drive its broadening suite should continue to pay off. We expect these new products, which currently represent approximately 14% of revenues to grow 3x-5x faster than the core VM. Throughout the years, the three giants in security Symantec, McAfee, and Trend Micro have tried to integrate multiple security functions under the same management platform without much success. Stitching together home-grown and acquired technologies simply does not work unless everything is re-written on the same platform. With its common SaaS platform should Qualys execute on its vision, it could gain increased traction. Strong vulnerability management platform with access to adjacent markets. Qualys has a significant opportunity to drive long-term revenue growth by cross-selling its suite of security applications to existing customers. Currently, Qualys s vulnerability management solution makes up 90% of the company s revenues. Within that space, Qualys consistently ranks high compared with legacy on-premise and cloud providers, indicating that customers are generally happy with the product. This is further substantiated by renewal rates above 90%. Profitable model with expanding margins. Over the long term, we think Qualys can generate operating margins in the mid-20%. In this stage of a company s maturation, it s fairly atypical to see positive net income given the company s focus on growth. Further, compared with other security vendors, Qualys profitability profile stacks up well. We believe Qualys has significant room to drive operating margin expansion over the next five years. We estimate that Qualys's non-gaap operating margin can expand from 7.4% in FY2012 to over 10% within the next few Page 166 December 18, 2013

166 BMO Capital Markets Qualys years, driven by sales leverage across all operating expenses, and over the long term we see a mid-20% operating margin as feasible. Large and underpenetrated addressable market. In 2012, the vulnerability management market was approximately $900 million. We estimate that Qualys has 8%-10% of the total VM market. If we include the other products within the QualysGuard suite, Qualys was addressing a market totaling approximately $4 billion in Additionally, Qualys s revenue stream is well diversified across industries, including education, financial services, government, healthcare, insurance, manufacturing, media, retail, technology, and utilities industries among others. Overall, Qualys s customer base is very well diversified across geographies, industries, and company size. We believe this shows the breadth of the QualysGuard suite and reflects the company s ability to drive further penetration in the entire security market. Opportunity for cross-sell/up-sell. Only 20% of the company's 6,000+ customers have acquired more than one of its solutions, and 84% of revenue last quarter was from vulnerability management, which creates a natural up-sell opportunity. Additionally, we believe that in the cases where the customer has purchased only one solution (or more), that solution has an opportunity to expand across the customer as well. Beyond vulnerability management, the company has product offerings in policy compliance, PCI compliance, web applications scanning, and malware detection. Pending new products include the following: Web Application Firewall (WAF) Beta, ship early in 2014 Continuous Perimeter Monitoring Beta, ship in 4Q13; Remediation Console Beta in 4Q13 Mobile Security - Beta in 4Q13 Web Application Analytics (i.e., Log Analysis) - Beta in 1Q14 Malware Protection Services (Advanced Persistent Threat) - Beta in 2Q14 New Web Application Security Suite - ship 2H14. This new product bundle will consist of four products including Web Application Scanning (WAS), Web Application Firewall (WAF), Web Application Analytics (WAA), and Remediation (REM). Page 167 December 18, 2013

167 BMO Capital Markets Qualys Market Backdrop Over the past decade, as the internet has evolved, so too has the extent and scope of cyber threats. As a result, the threat landscape has changed significantly over the past decade in several dimensions, including 1) increased sophistication, maliciousness, and stealth; 2) increased scale and frequency; and 3) the convergence of threats. The growing threat landscape has been made ever more apparent with the increasing number of high-profile data breaches that have occurred over the past several years. In our opinion, legacy solutions, both network and endpoint, have proved to be insufficient. At the same time, we are seeing a significant increase in customer interest in new and improved data protection and next-generation technologies. As a result, existing vendors have been scrambling to add new detection and prevention technologies to protect market share and meet customer demand. Security Software makes up 8% of overall enterprise software spending. Gartner projects that by 2017, total security spending (total security spending less security services) will increase to $39.1 billion from $27.7 billion in 2012, representing a five-year CAGR of 7.2%. The cloudbased security market was approximately $1.7 billion in 2012, and is expected reach $4.1 billion by 2017, representing a CAGR of 19.6% over a five-year period. By 2015, we estimate that Qualys will be addressing a market of roughly $5.7 billion. That said, as one of the better established pure-play security providers, Qualys will have a good opportunity, in our view, to expand its total addressable market (TAM) in the future, either through acquisitions or new product launches, similar to what we ve seen over the past few years. Furthermore, new technologies have increased the number of attack vectors, making organizations that much more vulnerable to an attack. More recently, the transition to cloud computing has exposed organizations to additional security vulnerabilities, as has the adoption of other new technologies such as virtualization and mobile computing. This ultimately has expanded the number of endpoints that need to be monitored and managed in order to protect sensitive data and IT assets. Regulatory compliance is becoming an increasingly important component of IT, especially as the cost of compliance grows with each new regulation. As a result, compliance is becoming an increasingly hot topic with C-level executives. In the 2012 Gartner CEO Survey, regulatory risk was cited as the number-one business risk. With Dodd-Frank, healthcare reform, more stringent privacy rules, and the increasing need to regulate the internet, among other new and upcoming regulations, enterprises will likely turn to compliance standards as never before. This should continue to drive the need for compliance software over the long term. Page 168 December 18, 2013

168 BMO Capital Markets Qualys Company Background Qualys operates as a security as a service (SecaaS) provider, offering customers a suite of solutions that includes vulnerability management, policy compliance, PCI compliance, web application scanning, malware detection, and others. Its main distributors include Dell/SecureWorks (6% of rev), Accuvant, Accenture, IBM, Infosys, and TATA. Qualys has a broad customer base and many of its customers across all vertical are the largest and most wellknown brands in the world including Daimler, Microsoft, Goldman Sachs, Verizon, Bank of America, Pepsi, Coke, J.P. Morgan, GM, ebay, MetLife, Goldman Sachs, Apple, Home Depot, DuPont, Google, and Oracle. The QualysGuard platform is an SaaS offering. Customers scan their network with Qualys-hosted scan engines and use Qualys-managed appliances, which are deployed on site, to scan interior networks. The scan engine can also be virtualized to enable deployment in customer data centers and cloud environments. The solutions can be deployed easily and are designed to be implemented and operated without the need for any professional services, which is why the company does not sell professional services. The company offers two different editions of its QualysGuard suite: Enterprise Edition (75% of revenue), which is marketed to companies with greater than 5,000 employees Express Edition (25% of revenue), marketed to companies with fewer than 5,000 employees. In terms of pricing, the two editions are very similar. For the scanner, an appliance runs at $1,995 per year, or customers can opt for a virtual scanner, which goes for approximately $995 per year. Under both editions, both the vulnerability management and policy compliance solutions are priced by the number of live IP addresses, and the web application security software is priced by the number of web applications the customer utilizes with pricing at $100-$500 per application per year. Where they differ is that under the vulnerability management subscription, the software is sold in packages under the Express Edition to ensure a minimum usage. QualysGuard Vulnerability Management (VM) automates network auditing and vulnerability management, including network discovery and mapping, asset management, vulnerability reporting, and remediation tracking. QualysGuard Policy Compliance allows customers to analyze and collect configuration and access control information from their networked devices and web applications and automatically maps this information to internal policies and external regulations to document compliance. QualysGuard PCI (Payment Card Industry) Compliance is for organizations that store cardholder data; this is meant to be a cost-effective and highly automated solution to verify and document compliance with PCI DSS (data security standards). The solution allows merchants to complete the annual PCI self-assessment questionnaire and meet demands of PCI for web application security. QualysGuard Web Application Scanning allows customers to discover, catalog, and scan a large number of web applications, which are often main attack vectors for cyber threats. Page 169 December 18, 2013

169 BMO Capital Markets Qualys QualysGuard Malware Detection Service provides the ability to scan, identify, and remove malware infections from websites. Qualys is entering the web application firewall (WAF) market that is just beginning to scratch the surface of its total market potential. According to Gartner, the WAF market totaled $278 million in 2011 (+17% y/y) and with an estimated market penetration of just 5%-20% (Gartner, 2011), the implied greenfield opportunity is huge. That is in part due to industry standards that are increasingly requiring companies to implement a number of security measures to protect their data. For example, the Payment Card Industry Data Security Standard (PCI DSS) requires companies that have public-facing web applications that accept payment information to establish a web application security review process. Often these companies use both WAF and security testing solutions (like web application scanning [WAS]), as a best-practice solution. However, according to a recent Gartner survey only 33% of the organizations surveyed were compliant with the PCI standards, underlining the significant greenfield opportunity security vendors have. Ultimately, we believe Qualys is entering a good market with a unique product. As it is one of just two SaaS offerings, we expect Qualys will hit the ground running with its WAF, which is expected to become generally available in 1Q14. Imperva, Barracuda Networks, F5, and Citrix are the incumbent leaders in the space; however, only Imperva offers a SaaS solution that would be comparable to Qualys s WAF. We think this gives Qualys (and Imperva) a distinct advantage over the competition. Deploying a SaaS-based WAF solution gives customers the ability to forgo the need to hire expensive IT specialists, leaving those tasks (and expense) to the provider. From the technology providers viewpoint, SaaS delivery also makes it easier to onboard customers because it more often than not requires fewer resources for the initial deployment. Also, postdeployment costs are typically lower as well. Management s Strategy for Long-Term Growth Continue to innovate and enhance the platform and suite of solutions. Qualys recently introduced new solutions to the platform, including Web Application Scanning and Zero-Day Risk Analyzer, and is looking to add several other solutions within the next year (as explained above). We view this as an integral component to management s strategy to expand the company s TAM. If Qualys can successfully cross-sell its new and upcoming products to its core VA customers, we would expect above-average top-line growth for several years. We estimate that in 2012, Qualys increased its TAM to over $4.3 billion by adding new categories to its product portfolio. Over the long term, we believe it is likely that Qualys will continue to enhance its platform to drive customer acquisitions and TAM expansion. Near term, however, we believe the company will focus its research and development resources on enhancing its current product suite instead of adding TAM-expanding categories to the platform. Page 170 December 18, 2013

170 BMO Capital Markets Qualys Expand the use of the suite being used by the company s large and diverse customer base. Roughly 90% of Qualys s revenues are generated from the VM product. Given that such a modest portion of the company s business is generated from the remaining five components (Web Application Scanning, Policy Compliance, PCI Compliance, Malware Detection Service, and Qualys SECURE Seal) of the QualysGuard suite, we believe the company has a significant opportunity to sell additional solutions to its existing installed base of 5,800 customers and ultimately drive revenue growth. We think an integral part of the story is Qualys s ability to sell across its platform, which will largely determine its overall market opportunity and, in our opinion, will drive the stock. Though most customers come to Qualys for its VM solution, we are beginning to see increasing interest in the company s complementary solutions, especially Policy Compliance (PC) and Web Application Scanning (WAS). We think this is an integral part of the story Qualys s ability to sell across its platform will largely determine its overall market opportunity and, in our opinion, will drive the stock. In that light, as an SecaaS provider, Qualys is in an excellent position, in our view, to drive cross-platform sales. Unlike several of its traditional competitors (i.e., not SaaS), Qualys has the unique ability to leverage the cloud and its multi-tenant delivery model to reduce costs for clients. Over time, the ability to rapidly deploy software updates at a lower cost than traditional deployment methods will drive market share gains in favor of SecaaS providers, in our opinion. Additionally, ease of deployment and minimal maintenance requirements offer buyers clear cost benefits. Pursue technology acquisitions. Consolidation in the security space continues at a rapid pace. In many instances, large players have acquired technology assets in an effort to remain competitive in what has been a constantly evolving space. Qualys is no different, having undertaken several small acquisitions to bolster its technology. In August 2010, Qualys purchased Nemean Networks for $3.7 million. Nemean is developing a network security solution for the detection and analysis of external intrusions to computer networks. Looking forward, we think Qualys will likely pursue similar acquisitions in an effort to enhance its platform and drive customer acquisitions. Competition The security space is highly competitive and fragmented, though revenues are concentrated. Within vulnerability assessment (core market 88% of total sales) Qualys ranked number one in device vulnerability assessment and number two after IBM (Watchfire) in total VA. However, there are many large and small players within the space that are vying for share. Included in that group are Beyond Security, BeyondTrust/eEye Digital Security, Critical Watch, Digital Defense, IBM, McAfee, ncircle, Rapid7, Saint, Tenable Network Security, and Trustwave among others. According to Gartner, 80% of VA revenues go to five vendors, with the remaining 20% spread out across many. The VA market is generally characterized as mature as new capabilities are only slightly incremental. Recent improvements within the space have been focused on virtual environments and mobile devices, improving the management of multiple scanners in large deployments, richer reporting, and threat analysis. VA vendors are increasingly competing on price rather than speed or accuracy. As such, we are particularly wary of the traditional security players that have significantly more resources than Qualys. In a scenario in which the TAM for cloud-based security and compliance software Page 171 December 18, 2013

171 BMO Capital Markets Qualys increases beyond our estimation, it is feasible that those companies with greater resources would undercut smaller players in an effort to grab a larger piece of the pie. Security information and event management (SIEM) market players include HP, IBM, McAfee, NetIQ, LogRhythm, EMC, Quest Software, Splunk, Symantec, LogLogic, and others. The dynamic application security testing space market players include IBM, HP, White Hat Security, NT OBJECTives, Veracode, and others. The web application firewall market players include Imperva, F5 Networks, Bee Ware, Barracuda Networks, Citrix Systems, Deny All, Trustwave, and Riverbed Technology. Balance Sheet and Capital Allocation Qualys remains cash flow positive. At September 30, 2013, the company s cash, cash equivalents, and short-term and long-term balance was $125.7 million, including $2.5 million held outside the US by foreign subsidiaries. Current Outlook We are comfortable with our estimates and believe growth could accelerate. The core VM business, which represents 84% of total revenues, grows 13%-17% in any given quarter and 15% on average. We believe growth could accelerate based on several factors: Policy compliance accounts for more than 10% of revenues and is growing 50%+. Sales here tend to be up-sells into the VM customer install base with large enterprises as the typical buyers. WAS also represents more than 10% of revenues, growing 30% with a balance between new and existing customers, while PCI is 2% of revenues. Only 20% of the install base have bought more than one product, presenting a large up-sell opportunity. The company hired a new head of channels on March 1 to drive the channel strategy. New products recently released (cloud-based web application firewall targeting SMBs) and upcoming represent longer-term opportunities. Exhibit 1. BMO vs. Consensus 4Q13E FY2013E FY2014E FY2015E ($M) BMO Guidance Street Est. BMO Guidance Street Est. BMO Street Est. BMO Street Est. Total revenue (non GAAP) $29.0 $28.5 $29.0 $28.9 $107.9 $106 $108 $107.9 $127.7 $128.2 $151.9 $152.2 Non GAAP OM 7.2% 7.4% 8.9% 10.4% Non GAAP EPS $0.05 $0.03 $0.05 $0.05 $0.20 $0.16 $0.20 $0.20 $0.27 $0.29 $0.37 $0.40 CFO $6.2 $29.3 $34.0 $39.4 Source: BMO Capital Markets Research, Thomson Reuters. Page 172 December 18, 2013

172 BMO Capital Markets Qualys Exhibit 2. DCF Analysis Valuation Our 10-year DCF analysis makes the following key assumptions, resulting in our target price of $25, implying a 8% premium to current levels: Revenue CAGR of 16%. EBIT margin slowly increasing to 24.4%. 10.0% WACC. 16x terminal cash flow multiple. Tax rate of 35%. ($in millions, except per share) FY2014E FY2015E FY2016E FY2017E FY2018E FY2019E FY2020E FY2021E FY2022E FY2023E TV CAGR Revenues $128 $152 $180 $212 $246 $285 $327 $375 $427 $485 $533 16% Growth 18.4% 19.0% 18.5% 17.5% 16.5% 15.5% 15.0% 14.5% 14.0% 13.5% 10.0% EBIT $11 $16 $23 $33 $44 $55 $67 $80 $96 $113 $130 29% EBIT Margin 8.9% 10.4% 12.9% 15.4% 17.9% 19.4% 20.4% 21.4% 22.4% 23.4% 24.4% Taxed EBIT $7 $10 $15 $21 $29 $36 $43 $52 $62 $74 $84 Depreciation $11 $14 $16 $19 $22 $25 $29 $33 $38 $43 $47 CapEx ($14) ($16) ($19) ($22) ($26) ($30) ($34) ($39) ($45) ($51) ($56) Change in Working Capital $12 $11 $9 $11 $12 $14 $16 $19 $21 $24 $27 Free Cash Flow $17 $19 $21 $28 $37 $45 $54 $64 $76 $90 $102 20% Growth 11% 13% 33% 31% 22% 20% 19% 18% 18% 14% Discounted FCF $15 $16 $16 $19 $23 $25 $28 $30 $32 $35 Cumulative cash flow $239 Tax Rate 35% Cash Flow Multiple Terminal Value $572 WACC 10.0% $ x 15.0x 16.0x 17.0x 18.0x 19.0x Total DCF value $811 Cash Flow 16.0x 10% $23.2 $24.2 $25.2 $26.1 $27.1 $28.1 Debt $0 Multiple 11% $21.5 $22.4 $23.3 $24.2 $25.1 $26.0 Cash $101 12% $20.0 $20.8 $21.6 $22.4 $23.2 $24.0 Market Value of Equity $912 13% $18.6 $19.4 $20.1 $20.8 $21.6 $22.3 Shares Outstanding % $17.4 $18.1 $18.7 $19.4 $20.1 $20.7 Share Price $ % $16.3 $16.9 $17.5 $18.1 $18.7 $19.3 Current Price $23.30 upside/(downside) 8% Source: BMO Capital Markets Research, company documents. Our $25 price target is based on 5.3x our 2015 EV/sales estimate. We believe a premium valuation is reasonable given Qualys s large and underpenetrated market opportunity, 100% subscription revenue model, and best of breed product portfolio. Page 173 December 18, 2013

173 BMO Capital Markets Qualys Exhibit 3. Peer Analysis (in Millions, Except Per Share Data) Recent Cash/ EV/Sales Revenue Growth Ticker Rating Price EV Share FY1E FY2E FY0-FY1E FY1E-FY2E Qualys Inc QLYS MarketPerform $23.31 $744 $ x 5.8x 18.0% 18.4% vs Security -25% -16% vs Security (excluding FEYE) 12% 12% Security Check Point Software Technologies Ltd CHKP MarketPerform $61.84 $8,794 $ x 6.0x 3.6% 5.6% Barracuda Networks Inc CUDA Outperform $25.83 $1,267 $ x 4.9x 15.6% 11.5% FireEye Inc FEYE NC $38.87 $4,369 $ x 17.6x 89.3% 57.7% Fortinet Inc FTNT NC $17.88 $2,503 $ x 3.7x 13.2% 13.5% Imperva Inc IMPV Outperform $45.75 $1,012 $ x 5.9x 31.0% 26.4% Palo Alto Networks Inc PANW NC $55.84 $3,566 $ x 4.9x 41.4% 31.3% Proofpoint Inc PFPT NC $29.29 $969 $ x 5.9x 24.8% 24.5% Average 9.3x 7.0x 31.3% 24.4% Average (excluding FEYE) 6.2x 5.2x 21.6% 18.8% (Fishbein - CUDA, CHKP, QLYS, IMPV) (NC = Not covered. Thomson data for not covered companies) *Estimates reflect latest complete and forward fiscal years Source: BMO Capital Markets Research, Thomson Reuters. Stock prices as of the close on December 17, Risks Highly competitive and fragmented space. Across each of its products, Qualys competes with legacy and cloud security providers. Some of the largest names within the space include IBM, Symantec, Trend Micro, and McAfee, with several others all vying for market share. Furthermore, the competitive landscape continues to intensify, which puts pressure on product prices and requires more aggressive marketing and customer acquisition initiatives. Highly seasonal bookings. Qualys is highly susceptible to the typical budget flush we see at the end of the year. Significant slowdown in Europe and the overall macroeconomic environment. As we have seen this year, companies with exposure to Europe have witnessed a significant deceleration in business as economic conditions in the region have continued to worsen. We don t think Qualys is any different. That being said, security is typically less discretionary than other software segments, which should insulate Qualys somewhat in weakening markets. Potential for dilutive acquisitions. One of the components to management s strategy for future growth is selectively pursuing technology acquisitions to enhance the company s technology platform. Given the pace of consolidation in the space, Qualys may feel pressured to make acquisitions within the near future, which could have the potential to be dilutive to earnings. Larger enterprises may opt for more control. One of the inherent risks of outsourcing a service to a third party is having to rely on that vendor to provide in this case, in particular a missioncritical function that cannot be jeopardized. As is the case, it is foreseeable that larger enterprises, in particular, may not feel comfortable outsourcing such an integral component of their risk management. If that does turn out to be the case, adoption of SecaaS will likely be much less than expected. Page 174 December 18, 2013

174 BMO Capital Markets Qualys Qualys uses third-party data centers. Currently, Qualys hosts all its solutions from two thirdparty data centers, located in the United States and Switzerland. The data centers are not currently redundant, and the company cannot rapidly move customers from one data center to another. Qualys is looking to add data centers capacity and enable disaster recovery. Dell accounts for 5% of revenues. Dell is Qualys s largest channel partner and accounted for 5% of its revenues in the nine months ended September 30, Page 175 December 18, 2013

175 BMO Capital Markets Qualys Financial Models Exhibit 4. Income Statement FY2013E FY2014E ($ in millions except per share) FY2012 3/31/2013 6/30/2013 9/30/ /31/2013E FY2013E 3/31/2014E 6/30/2014E 9/30/2014E 12/31/2014E FY2014E FY2015E Total Revenue $ $ $ $ $ $ $ $ $ $ $ $ Non-GAAP Cost of Revenue $ $ $ $ $ $ $ $ $ $ $ $ Non-GAAP Gross Profit $ $ $ $ $ $ $ $ $ $ $ $ Non-GAAP Operating Expenses Research & development $ $ $ $ $ Sales & marketing $ $ $ $ $ General and administrative $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ Total Non-GAAP Operating Expenses $ $ $ $ $ $ $ $ $ $ $ $ Non-GAAP Operating Income $ $ $ $ $ $ $ $ $ $ $ $ (+) Depreciation $ $ $ $ $ $ $ $ $ $ $ $ Non-GAAP EBITDA $ $ $ $ $ $ $ $ $ $ $ $ Other income (expense), net $ $ $ (0.102) $ (0.007) $ (0.007) Non-GAAP Earnings Bef.Taxes $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ Provision for Income Taxes $ $ $ $ $ $ $ $ $ $ $ $ Non-GAAP Tax Rate 5.7% 16.8% 4.2% 6.7% 10.0% 7.4% 7.7% 6.8% 5.8% 4.7% 6.1% 4.3% Non-GAAP Net Income (1) $ $ $ $ $ $ $ $ $ $ $ $ Non-GAAP EPS (1) $ 0.21 $ 0.01 $ 0.06 $ 0.08 $ 0.05 $ 0.20 $ 0.05 $ 0.06 $ 0.07 $ 0.09 $ 0.27 $ 0.37 Avg. Diluted Shares Outstanding (1) Non-GAAP excludes: amortization, stock-based comp, and acquisition related costs. Expense Analysis: Cost of Revenues 19.8% 22.9% 22.1% 22.7% 22.8% 22.6% 22.9% 22.9% 22.9% 22.9% 22.9% 23.0% Research & Development 21.1% 20.5% 19.2% 17.7% 18.5% 18.9% 18.5% 18.4% 18.3% 17.9% 18.3% 17.8% Sales and Marketing 40.1% 39.7% 38.0% 36.2% 39.0% 38.2% 38.5% 38.2% 37.5% 36.5% 37.6% 36.7% General and Administrative 11.6% 14.2% 12.6% 12.2% 12.5% 12.8% 12.5% 12.4% 12.3% 12.2% 12.3% 12.1% Depreciation and amortization 7.5% 8.5% 9.0% 9.2% 9.1% 9.0% 9.0% 9.0% 9.0% 9.0% 9.0% 9.0% Margin Analysis: Non-GAAP Gross Margin 80.2% 77.1% 77.9% 77.3% 77.2% 77.4% 77.1% 77.1% 77.1% 77.1% 77.1% 77.0% Non-GAAP Operating Margin 7.3% 2.7% 8.0% 11.2% 7.2% 7.4% 7.6% 8.1% 9.0% 10.5% 8.9% 10.4% Non-GAAP EBITDA Margin 14.8% 11.2% 17.0% 20.4% 16.3% 16.4% 16.6% 17.1% 18.0% 19.5% 17.9% 19.4% Non-GAAP Tax Rate 5.7% 16.8% 4.2% 6.7% 10.0% 7.4% 7.7% 6.8% 5.8% 4.7% 6.1% 4.3% Non-GAAP Net Margin 6.5% 1.4% 8.0% 10.5% 6.5% 6.7% 6.8% 7.3% 8.3% 9.8% 8.1% 9.7% Sequential Growth Rates: Total Revenue.9% 5.7% 5.5% 4.4% 1.3% 5.8% 5.8% 4.6% Gross Profit (2.9%) 6.8% 4.7% 4.3% 1.2% 5.8% 5.8% 4.6% Non-GAAP Operating Margin -72.9% 210.8% 48.3% (33.1%) 7.0% 12.8% 17.6% 22.0% Non-GAAP Net Income (83.1%) 510.1% 38.0% (35.4%) 5.7% 14.4% 19.4% 24.0% Year-Over-Year Growth: Total Revenue 20.0% 17.4% 18.5% 18.7% 17.5% 18.0% 18.0% 18.2% 18.5% 18.7% 18.4% 19.0% Gross Profit 16.1% 12.3% 16.1% 13.9% 13.2% 13.9% 18.0% 17.0% 18.3% 18.5% 18.0% 18.8% Operating expenses 15.6% 12.6% 9.0% 14.0% 17.5% 13.3% (73.0%) 5.1% 4.4% 2.3% 15.4% 16.2% Non-GAAP Operating Income 21.7% 3.0% 170.4% 13.4% (16.5%) 19.5% 230.1% 19.8% (5.0%) 73.1% 41.9% 39.1% Non-GAAP Net Income 31.2% (30.8%) 195.7% 8.1% (7.9%) 21.8% (72.6%) 14.4% 19.4% 24.0% 42.7% 42.8% Non-GAAP EPS (20.8%) (12.0%) (3.8%) (73.5%) 12.8% 17.9% 22.4% 35.1% 35.7% Source: BMO Capital Markets Research, company documents. Page 176 December 18, 2013

176 BMO Capital Markets Qualys Exhibit 5. Balance Sheet ($ in millions) FY2012 FY2013E FY2014E FY2015E Assets 12/31/2012 3/31/2013 6/30/2013 9/30/ /31/2013E 3/31/2014E 6/30/2014E 9/30/2014E 12/31/2014E 3/31/2015E 6/30/2015E 9/30/2015E 12/31/2015E Cash and Cash Equivalents $ $ $ $ $ $ $ $ $ $ $ $ $ Accounts Receivable, net $ $ $ $ $ $ $ $ $ $ $ $ $ Prepaid expenses and other $ $ $ $ $ $ $ $ $ $ $ $ $ Total Current Assets $ $ $ $ $ $ $ $ $ $ $ $ $ Restricted cash $ $ $ $ $ $ $ $ $ $ $ $ $ Long term investments $ $ $ $ $ $ $ $ $ $ $ PP&E, net $ $ $ $ $ $ $ $ $ $ $ $ $ Intangible assets $ $ $ $ $ $ $ $ $ $ $ $ $ Goodwill $ $ $ $ $ $ $ $ $ $ $ $ $ Other noncurrent assets, net $ $ $ $ $ $ $ $ $ $ $ $ $ Total Assets $ $ $ $ $ $ $ $ $ $ $ $ $ Liabilities Accounts payable $ $ $ $ $ $ $ $ $ $ $ $ $ Accrued liabilities $ $ $ $ $ $ $ $ $ $ $ $ $ Notes payable $ $ $ $ $ Capital lease obligations $ $ $ $ $ $ $ $ $ $ $ $ $ Deffered revenue $ $ $ $ $ $ $ $ $ $ $ $ $ Total Current Liabilities $ $ $ $ $ $ $ $ $ $ $ $ $ Deferred revenue, noncurrent $ $ $ $ $ $ $ $ $ $ $ $ $ Notes payable long term $ Income taxes payable $ $ $ $ $ $ $ $ $ $ $ $ Capital lease obligations $ $ $ $ $ $ $ $ $ $ $ $ $ Other long term liabilities $ $ $ $ $ $ $ $ $ $ $ $ $ Total Liabilities $ $ $ $ $ $ $ $ $ $ $ $ $ Convertible Preferred Stock $ Stockholders' Equity $ $ $ $ $ $ $ $ $ $ $ $ $ Total Liabilities + Stockholder's Equity $ $ $ $ $ $ $ $ $ $ $ $ $ % Change Y/Y Cash and Cash Equivalents 382.5% 308.5% 273.8% 290.9% (16.2%) (14.8%) (2.3%) 5.4% 20.1% 18.2% 20.0% 20.7% 19.7% Receivables 18.3% 22.2% 25.0% 6.7% 4.8% 9.5% 10.8% 11.3% 2.6% 9.6% 10.9% 11.3% 10.6% Balance Sheet Summary Current Ratio Book Value Per Share $2.61 $2.63 $2.72 $2.77 $2.65 $2.64 $2.65 $2.67 $2.71 $2.73 $2.77 $2.83 $2.89 Cash Per Share $3.38 $3.55 $3.01 $2.78 $2.70 $2.87 $2.76 $2.78 $3.08 $3.22 $3.14 $3.19 $3.50 Return On Equity 69.7% 16.0% 8.1% 5.6% 7.5% 6.9% 6.2% 7.0% 10.2% 8.7% 9.2% 9.7% 13.2% Return on Assets 6.1% 4.1% 3.0% 3.0% 4.0% 3.7% 3.3% 3.6% 5.2% 4.4% 4.6% 4.9% 6.6% Working Capital, net $19.1 $12.9 $13.9 $21.1 $20.2 $15.4 $19.8 $22.1 $20.4 $16.9 $22.1 $24.7 $22.8 Avg. Diluted Shares Outstanding Model Assumptions DSO (off revenues) Accounts Payable Days (off COGS) Source: BMO Capital Markets Research, company documents. Page 177 December 18, 2013

177 BMO Capital Markets Qualys Exhibit 6. Cash Flow Statement ($ in millions) FY2012 3/31/2013 6/30/2013 9/30/ /31/2013E FY2013E 3/31/2014E 6/30/2014E 9/30/2014E 12/31/2014E FY2014E FY2015E Operating Activities non GAAP non GAAP non GAAP non GAAP non GAAP non GAAP non GAAP non GAAP Net income $ $ (0.603) $ $ $ $ $ $ $ $ $ $ Depreciation and Amortization $ $ $ $ $ $ $ $ $ $ $ $ Provision for bad debts, net of write offs $ $ $ $ $ $ $ Loss on disposal of PP&E $ $ $ $ Stock based compensation $ $ $ $ $ $ $ Non cash interest $ $ $ (0.049) $ $ Amortization of premiums on investments $ $ Net change in assets and liabilitites, excl. acquisitions FY2013E FY2014E Accounts receivable $ (4.014) $ $ (3.920) $ $ (0.696) $ $ $ (4.549) $ (2.451) $ $ (0.664) $ (2.795) Prepaid expenses and other $ $ $ $ $ $ $ $ $ $ $ $ Long term assets $ $ $ (0.826) $ $ (6.989) $ (6.163) $ (0.857) $ (0.703) $ (0.541) $ (0.405) $ (2.506) $ (2.327) Accounts payable and accrued liabilities $ (1.405) $ (0.244) $ $ (3.438) $ $ (0.210) $ (0.099) $ $ $ $ $ Deferred revenue $ $ $ $ $ $ $ $ $ $ $ $ Income taxes payable $ $ $ Other liabilities $ (0.062) $ $ (0.446) $ $ $ (0.379) $ $ $ $ $ $ Net Cash from Operations $ $ $ $ $ $ $ $ $ $ $ $ Investing Activities Purchase of PP&E $ (11.188) $ (3.650) $ (2.588) $ (7.776) $ (7.776) $ (11.474) $ (3.500) $ (3.500) $ (3.500) $ (3.500) $ (14.000) $ (16.000) Purchase of short term investments $ $ (80.441) $ (33.248) Sales and maturities of investments $ $ Released of restricted cash $ $ Acquisition of businesses, net $ (0.049) $ $ $ $ $ Net Cash from Investing $ (94.784) $ $ $ (28.124) $ (7.776) $ (16.448) $ (3.500) $ (3.500) $ (3.500) $ (3.500) $ (14.000) $ (16.000) Financing Activities Notes payable $ $ $ $ $ $ Capital lease obligations $ (2.401) $ (0.328) $ (0.327) $ (0.593) $ (1.248) $ $ Payment related to acquisitions $ $ Proceeds from issuance of stock $ $ $ $ $ $ $ Noncash adjustments $ $ $ $ $ $ Net Cash from Financings $ $ $ $ $ $ $ $ $ $ $ $ Foreign Currency Impact $ (0.033) $ (0.072) $ (0.024) $ (0.032) $ (0.128) $ $ Net Increase / Decrease in Cash $ $ $ $ (16.400) $ (1.617) $ $ $ (2.698) $ $ $ $ FCFE $ $ 6.41 $ 0.22 $ 2.49 $ (1.62) $ $ 7.37 $ (2.70) $ 2.38 $ $ $ y o y 9% 4% 108% 269% 120% 68% 15% 1310% 4% 897% 12% 18% FCFF $ $ 6.63 $ 0.13 $ 2.48 $ (1.62) $ $ 7.44 $ (2.63) $ 2.46 $ $ $ y o y 8% 2% 105% 266% 120% 64% 12% 2198% 1% 899% 13% 17% FCFE/Share $ 0.37 $ 0.19 $ 0.00 $ 0.07 $ (0.04) $ 0.50 $ 0.20 $ (0.07) $ 0.06 $ 0.34 $ 0.53 $ 0.59 Source: BMO Capital Markets Research, company documents. Page 178 December 18, 2013

178 Symantec (SYMC-NASDAQ) Stock Rating: Market Perform Industry Rating: Outperform December 18, 2013 Joel P. Fishbein, Jr BMO Capital Markets Corp. Brett Fodero BMO Capital Markets Corp. Initiating Coverage With a Market Perform Rating and $24 Price Target Investment Thesis From a long-term perspective, Symantec should be poised for modest growth through improved execution, leveraging its broad technology portfolio, and margin expansion. We are encouraged about newly implemented management changes, but we see few near-term catalysts to drive the stock from current levels. In addition, we believe it is unlikely the company will meet its 30% operating margin target in FY2015. Execution across the three main product groups is likely to remain inconsistent, in our view. Forecasts & Valuation Key to hitting margin expansion targets and driving shares higher is revenue growth, which we believe will remain challenged in the near term. In the last quarter, license revenue was down 31% after significant changes began to take place in the company s go to market (GTM) model, and revenue is expected to be down 3%-4% in FY2014. Management recommitted to delivering a non- GAAP operating margin of more than 30% and a 5% organic growth rate for FY This may prove difficult as Symantec transitions its GTM model and reinvigorates its product line. Recommendation We are initiating coverage with a Market Perform rating and $24 price target based on 13x our 2015 EPS estimate. We see shares range bound until clear signs of consistent growth emerge, which are key to expanding margins. Price (17-Dec) $ Week High $27.10 Target Price $ Week Low $17.90 Symantec Corporation (SYMC) Price: High,Low,Close(US$) Relative to S&P Volume (mln) Last Data Point: December 16, 2013 (FY-Mar.) 2012A 2013A 2014E 2015E EPS $1.60 $1.77 $1.78 $1.87 P/E 12.9x 12.3x CFPS $2.21 $1.84 $1.23 $1.43 P/CFPS 18.7x 16.1x Rev. ($mm) $6,730 $6,906 $6,648 $6,714 EV ($mm) $13,790 $13,790 $13,790 $13,790 EBITDA ($mm) $1,952 $2,054 $2,022 $2,188 EV/EBITDA 7.1x 6.7x 6.8x 6.3x Quarterly EPS Q1 Q2 Q3 Q4 2012A $0.40 $0.39 $0.42 $ A $0.43 $0.45 $0.45 $ E $0.44a $0.50a $0.42 $0.42 Dividend $0.60 Yield 2.6% Book Value $8.11 Price/Book 2.8x Shares O/S (mm) Mkt. Cap (mm) $16,261 Float O/S (mm) Float Cap (mm) $15,955 Wkly Vol (000s) 36,989 Wkly $ Vol (mm) $860,377 Net Debt ($mm) -$1,738 Next Rep. Date na Notes: All values in US$. First Call Mean Estimates: SYMANTEC (SYMC): 2014E $1.78; 2015E $ Page 179 December 18, 2013

179 BMO Capital Markets Symantec Investment Drivers Reinvigorating a product line of disparate point products to deliver integrated offerings a step in the right direction. Symantec has been built through acquisitions and point products that have never been integrated or invested in. This has left the company unable to keep up with the pace of change in the industry and effectively leverage its intellectual propriety assets. The crux behind the company s new product strategy is delivering customers best-of-breed products that meet the particular needs of those customers. The company continues to evaluate existing point solutions and is reallocating dollars based on the competitive position and market opportunity. Management has also made it clear that it aims to simplify both the customer experience and the company s business model. As it pertains to the former, management will begin to simplify its licensing structure by reducing the number of options and complexity of the deals. Additionally, products tailored to specific customers should, theoretically, make purchasing decisions easier for the customer base. Specifically, management now has dedicated teams to build the 10 new integrated offerings that solve higher order customer problems. By that, management means to tailor the company's product offering to customer size, for a particular deployment method, and/or to meet specific legal or compliance issues. Second, Symantec will focus on the scale to meet its largest customer needs. Third, simplifying the integration of Symantec solutions will be an integral component of its growth strategy. Similarly, Symantec will increase its cross platform reach by offering more heterogeneous solutions. Partnerships and new offerings are expected to be announced during the RSA conference in 1Q13. Several new products are set to launch over the next three to six months. Symantec has a renewed focus on developing market leading solutions to not only maintain market share but to help reaccelerate the growth rate. The three new products that we will be closely monitoring are 1) a messaging gateway that will include both DLP technology as well advanced persistent threat (APT); 2) a new integrated security service, which will offer complete protection and intelligent integrations for customers needing to seamlessly extend security and compliance strategies to their virtual domain; and 3) a new data center gateway solution. Likely a winding road toward consistent execution. In the last quarter, license revenue was down 31% after significant changes began to take place in the company s go-to-market model. Historically, the sales team focuses on both new business and renewals and often times delegations are not clear cut. Up until now, this has created significant inefficiencies in the sales organization and has resulted in sub-par results. Now, the sales force is solely focused on new business generation while a new renewals team will focus on retaining business. To accompany this change, management will build new sales processes to further streamline the business and reduce redundancies. The company made the following changes to the sales force: In July, 90% of direct sales people changed coverage and 35% of middle management was eliminated. Direct new business sales reps now only focus on new business and specializing on either information security or information management versus traditional generalists selling ~150 point solutions. Launched a centrally managed group that is focused exclusively on renewals. Page 180 December 18, 2013

180 BMO Capital Markets Symantec The company is also in the midst of rolling out a new partner strategy that will align the economics and incentives based on the value created by the partner and their commitment to Symantec. Achieving long-term margin targets likely challenging. Management recommitted to delivering a non-gaap operating margin of more than 30% and a 5% organic growth rate for the FY time frame after its 2Q14 miss. We believe that without divestiture(s) of declining and zero-growth businesses, the 5% organic revenue target will be hard to achieve. This growth hinges on significant acceleration in internal product innovation with the first results coming in the next 6-24 months. That, combined with de-focusing of M&A, leaves us skeptical in light of tough competition and the rapid technological changes brought about by the move to the cloud. The company's goal is to increase R&D as a percentage of sales and slightly decrease G&A as a percentage of sales. The biggest lever is S&M, where the company is trying to make major changes. However, we do believe there still is leverage in the model. The salesforce has now been reorganized and is no longer being paid on renewals. We believe that there remain several hundred basis points in potential leverage as sales and marketing costs are reduced from 41% of revenue to a more industry normal average into the low- to mid-30% range. We see limited downside to shares at current levels. The company has a diversified and sticky customer base with more than 70% of quarterly revenue coming off the balance sheet. The company has committed to returning approximately 50% of free cash flow to stockholders through a combination of dividends and share repurchases over time, and is in the midst of a significant cost reduction, which should lead to significant margin leverage. Market Backdrop Cyber crime has surpassed illegal drug trafficking as a criminal money-maker -- one in five people in the world will become a victim, according to Symantec. Cybercriminals and hackers are expending significant resources to acquire sensitive intellectual property and personal data, causing financial and reputational damage; nation-states are pursuing cyber espionage targeting critical infrastructure grids and highly sensitive information that can threaten national security and launch denial of service attacks. Security software makes up about 8% overall enterprise software spending. Gartner projects that by 2017, total security spending (total security spending less security services) will increase to $39.1 billion from $27.7 billion in 2012, representing a five-year CAGR of 7.2%. Data protection increasing in importance and Symantec has solid products to address these areas. A recurring theme in our conversations with customers, vendors, channel partners, and other industry participants is the need for protecting data regardless of its location and form. The rise in high-profile data breaches, we believe, similar to the high-profile viruses in the beginning of the 2000s, will cause resurgence in spending on data security protection technologies. We believe that data protection, identity and access management (IAM), transaction security, and security management, will converge over time to more effectively deal with sophisticated threats and better protect data. Data is growing faster than the ability to store it and manage it effectively. In the past two years, 90% of the world's data was created, 80% of which is unstructured. This provides both an Page 181 December 18, 2013

181 BMO Capital Markets Symantec opportunity and a challenge for Symantec. Software churn provides a significant opportunity, and a third of the market's installed base of backup software could churn over in the next three years owing to disruptive forces, such as virtualization and the cloud. Processes related to data need to be automated to deal with data scale and cost issues; the rapid emergence of private and public clouds requires new data management capabilities; compliance regulations mandate companies keep data for longer periods of time. Symantec is an incumbent and has been losing share. The company is in the process of rationalizing products to address specific customer sizes, including data management. This could over time help to stem share loss and re-engage the base with new products. Company Overview Symantec is a global leader in security, backup, and availability solutions. Its products and services protect people and information in any digital environment from the mobile device, to the enterprise data center, to the cloud. Its software and services protect against advanced threats independent of the device and environment in which information is used or stored. The company is in the midst of a transformation focused on reinvigoration three key areas: products and services, go-to-market, and organizational structure. User Productivity and Protection: End-point security, end-point management, encryption, and mobile businesses. Information Security: Authentication, mail and web security, hosted security services, data center security, managed security services, and data loss prevention offerings. Information Management: backup and recovery, information intelligence, which includes archiving and e-discovery, and information availability (Storage Management). Customers need to secure and manage an enormous amount of information. The amount of information that is created increases exponentially each year and securing and managing IT environments becomes more challenging. Symantec s core businesses include consumer, endpoint security, storage management, and backup to provide, storage and systems management solutions for customers ranging from consumers to large global organizations. Symantec is leveraging internal R&D, acquisitions and partnerships to address new emerging areas such as mobile, virtualization, and SaaS to reduce cost and complexity for their customers. From securing a consumer s online identity and interactions to protecting an organization s mission-critical data, Symantec offers a comprehensive product portfolio including security, backup and recovery, data availability, and data loss prevention products. As a platform-neutral software company (agnostic to operating system or hardware environment), Symantec helps customers manage their infrastructure with efficiency, on physical, virtual, and cloud platforms. With multi-platform software and a worldwide delivery and support infrastructure, Symantec helps customers optimize technology investments throughout their lifetimes. Page 182 December 18, 2013

182 BMO Capital Markets Symantec Symantec has a comprehensive portfolio of security and management software, from the all-inone Norton security products to an integrated enterprise software portfolio, Symantec helps standardize and automate the way people and organizations enforce policies from online safety to company-wide IT compliance. User Productivity and Protection Symantec s endpoint security and management offerings help customers secure their environment by addressing the changes in the threat landscape, the evolution of the endpoint to include more mobile devices, and the pressure to reduce cost and complexity. The company's solutions encrypt and prevent sensitive information from leaving an organization. It offers two-factor authentication and cloud-based single-sign-on functionality to better protect the identities of an organization s employees. Symantec mobile enterprise solutions include encryption, validation and identity protection, managed public key infrastructure (PKI), mobile management, app center, mobile security for Android, endpoint protection for enterprise and small business and protection suites. The endpoint security business faces secular challenges as more of security intelligence is moving to the network and it hard for us to see how Symantec can create a sustainable growing enterprise endpoint security business. Its consumer products help customers deal with increasingly complex threats, the proliferation of mobile devices, the need for identity protection, and the rapid increase in digital data, such as personal financial records, photos, music, and videos. Products include Norton 360, Norton 360 Multi-Device, Norton Internet Security, Norton AntiVirus, Norton One, Norton Online Backup, Norton Mobile Security, and Norton Live Services. Information Security Symantec s information security businesses help to keep organizations safe and compliant with industry and government regulations. Its solutions allow customers to secure their messaging and web environments, via either on-premise or hosted solutions. Symantec authentication services enable organizations to protect assets by ensuring the true identity of devices, systems, or applications connecting to them and using Secure Socket Layer (SSL) technology to encrypt data in transit. Products include critical system protection and trust services. Its data loss prevention solution helps businesses proactively protect their information by taking a content-aware approach. Symantec threat and risk management solutions allow customers to develop and enforce IT policies, automate IT risk management processes, and demonstrate compliance with industry standards and regulations. Its managed security services extend the company's security expertise through a combination of remote monitoring, on-call assistance, and management. Products include Security Incident Manager (SIM), Managed Security Services, and Control Compliance Suite. Page 183 December 18, 2013

183 BMO Capital Markets Symantec Information Management Symantec s storage and server management solutions enable organizations to ensure business continuity and manage the information-driven world by leveraging the company's backup and recovery, archiving, ediscovery, storage management, and high availability solutions. Backup and Recovery business, which includes software, appliances, and cloud-based offerings, helps small and medium-sized businesses (SMB) and enterprise organizations address the rapid growth of information, data duplication, and virtual environments. With the company's solutions, customers can backup and deduplicate data closer to information sources to reduce storage consumption. Products include NetBackup on-premise and appliance, Backup Exec. ediscovery and intelligent information governance solutions allow organizations to bridge the gap between their business, legal, and IT groups, and to reduce their risks and costs. Products include Enterprise Vault, Enterprise Vault.cloud, and ediscovery. Storage management and high availability businesses address customers need to maintain high service levels and reduce overall storage costs through improved utilization of existing systems, virtualization, and cloud infrastructure offerings. Products include Storage Foundation, Cluster Server, Operations Manager, ApplicationHA, Data Insight, and VirtualStore. Balance Sheet and Capital Allocation Symantec has $1.738 billion in net cash on its balance sheet or $2.46 per share. The company has committed to returning approximately 50% of free cash flow to stockholders through a combination of dividends and share repurchases over time. Its current quarterly cash dividend is $0.15, and has $908 million remaining on authorized share repurchase. Current Outlook Key to hitting margin expansion targets, and driving shares higher, is revenue growth, which we believe will remain challenged in the near term. In the last quarter, license revenue was down 31% after significant changes began to take place in the company s go-to-market model, and revenue is expected to be down 3%-4% in FY2014. Management recommitted to delivering a non-gaap operating margin of more than 30% and a 5% organic growth rate for FY This may prove difficult as the company transitions its GTM model and reinvigorates its product line. Page 184 December 18, 2013

184 BMO Capital Markets Symantec Exhibit 1. BMO vs. Consensus 3Q FY2014E FY2014E FY2015E ($M) BMO Est. Guidance Street Est. BMO Est. Guidance Street Est. BMO Est. Street Est. Total revenue (non GAAP) $1,659 $1,630 $1,670 $1,654 $6,648 $6,906 $7,044 $6,648 $6,714 $6,801 y/y grwoth 7.4% 7.6% 3.7% 3.7% 1.0% 2.3% Non GAAP GM 83.5% 83.6% 83.5% Non GAAP OM 25.9% 25.6% 26.2% 26.2% ~27.7% 28.2% Non GAAP EPS $0.42 $0.41 $0.43 $0.42 $1.78 $ $1.78 $1.87 $1.91 CFO $ $1, $1, Source: BMO Capital Markets Research, Thomson Reuters. Exhibit 2. DCF Analysis Valuation Our 10-year DCF analysis makes the following key assumptions, resulting in a long-term price of $24, implying a 6% premium to current levels: Revenue CAGR of 2%. EBIT margin slowly increasing to 35%. 8.0% WACC. 7x terminal cash flow multiple. Tax rate of 28%. ($in millions, except per share) FY2014E FY2015E FY2016E FY2017E FY2018E FY2019E FY2020E FY2021E FY2022E FY2023E TV CAGR Revenues $6,648 $6,714 $6,848 $6,985 $7,195 $7,410 $7,633 $7,862 $8,098 $8,259 $8,259 2% Growth -3.6% 1.0% 2.0% 2.0% 3.0% 3.0% 3.0% 3.0% 3.0% 2.0% 2.0% EBIT $1,739 $1,896 $2,002 $2,112 $2,247 $2,389 $2,537 $2,652 $2,772 $2,869 $2,910 6% EBIT Margin 26% 28% 29% 30% 31% 32% 33% 34% 34% 35% 35% Taxed EBIT $1,252 $1,365 $1,441 $1,521 $1,618 $1,720 $1,826 $1,909 $1,996 $2,066 $2,095 Depreciation $283 $292 $298 $304 $313 $322 $332 $342 $352 $359 $359 CapEx ($358) ($380) ($388) ($395) ($407) ($419) ($432) ($445) ($458) ($467) ($467) Change in Working Capital ($399) ($416) $0 $0 $0 $0 $0 $0 $0 $0 $0 Free Cash Flow $778 $861 $1,352 $1,429 $1,524 $1,623 $1,726 $1,806 $1,890 $1,957 $1,987 11% Growth 11% 57% 6% 7% 7% 6% 5% 5% 4% 5% Discounted FCF $720 $738 $1,073 $1,050 $1,037 $1,023 $1,007 $976 $945 $907 Cumulative cash flow $9,477 61% Tax Rate 28% WACC Cash Flow Multiple Terminal Value $5,966 39% WACC 8.0% $ x 6.5x 7.5x 8.5x 9.5x 10.5x Total DCF value $15, % Cash Flow 7.0x 10% $20.0 $21.0 $21.9 $22.9 $23.9 $24.9 Debt $2,094 Multiple 11% $18.9 $19.8 $20.7 $21.6 $22.4 $23.3 Cash $3,832 $1,738 12% $17.9 $18.7 $19.5 $20.3 $21.1 $21.9 Market Value of Equity $17,180 $ % $17.0 $17.7 $18.4 $19.2 $19.9 $20.6 Shares Outstanding % $16.1 $16.8 $17.4 $18.1 $18.8 $19.4 Share Price $ % $15.3 $15.9 $16.5 $17.1 $17.7 $18.4 Current Price $23.00 upside/(downside) 6% Source: BMO Capital Markets Research, company documents. Our $24 price target is based on 13x our 2015 EPS estimate. Page 185 December 18, 2013

185 BMO Capital Markets Symantec Exhibit 3. Peer Analysis (in Millions, Except Per Share Data) Recent Cash/ EV/Sales EV/FCFF P/E Revenue Growth Ticker Rating Price EV Share FY1E FY2E FY1E FY2E FY1E FY2E FY0-'FY1E FY1E-'FY2E Symantec Corp SYMC Market Perform $23.00 $14,523 $ x 2.2x 17.7x 15.1x 12.9x 12.3x -3.7% 1.0% vs Security Software: large-cap -58% -55% 89% NA -55% -50% vs Large cap benchmarks -9% -7% 71% 57% 23% 20% Security Software Check Point Software Technologies Ltd CHKP Market Perform $61.84 $8,794 $ x 6.0x 9.3x 9.3x 18.1x 17.2x 3.6% 5.6% Fortinet Inc FTNT NC $17.88 $2,503 $ x 3.7x NA NA 38.8x 31.8x 13.2% 13.5% Average 5.2x 4.8x 9.3x 9.3x 28.5x 24.5x 8.4% 9.5% Large cap benchmarks Microsoft Corp MSFT NC $36.52 $243,136 $ x 2.7x NA NA 12.5x 11.6x 7.5% 6.6% Ca Inc CA NC $32.48 $13,596 $ x 3.0x NA NA 10.8x 12.6x -3.0% 1.2% Cisco Systems Inc CSCO Outperform $20.92 $81,561 $ x 1.7x NA NA 10.6x 10.1x -4.5% 4.0% International Business Machines Corp IBM Market Perform $ $220,974 -$ x 2.2x NA NA 10.5x 9.9x -4.0% 0.9% Hewlett-packard Co HPQ Market Perform $26.90 $62,610 -$ x 0.6x NA NA 7.3x 7.1x -2.9% -0.6% Oracle Corp ORCL Outperform $33.54 $151,014 $ x 3.7x 10.3x 9.6x 11.4x 10.4x 3.0% 5.0% Average 2.4x 2.3x 10.3x 9.6x 10.5x 10.3x -0.6% 2.9% (Fishbein - SYMC, ORCL) (Bachman - HPQ, IBM) (Long - CSCO) (NC = Not covered. Thomson data for not covered companies) *Estimates reflect latest complete and forward fiscal years Source: BMO Capital Markets Research, Thomson Reuters. Stock prices as of the close on December 17, Risks Changes to the business environment. The business is influenced by a range of factors including general economic conditions, competition, product obsolescence, technological change, shifts in buying patterns, financial difficulties and budget constraints of the company's current and potential customers, levels of broadband usage, awareness of security threats to IT systems, and other factors. Execution risk. In July, 90% of direct sales people changed coverage and 35% of middle management were eliminated, which negatively affected growth. Additionally, the company plans to make changes to its partner channel. Failure to successfully implement this new strategy could adversely affect growth rates and margins. Failure to reinvigorate products. The company continues to evaluate existing point solutions and is reallocating dollars based on the competitive position and market opportunity. Failure to innovate, price, and package products could affect growth rates and margins. Pricing and delivery models are evolving. The company is increasing focus on the delivery of products in an appliance form factor and Cloud subscription offerings have become increasingly critical in its business lines. Failure to successfully keep up with these trends could affect growth rates and margins. Competition. Competition in the sales of products and services is fierce, and Symantec could face pressure to change pricing, which could adversely affect growth rates and margins. International operations. Symantec garners roughly 54% of total revenue from outside the Americas. Currency fluctuations can have an adverse effect on growth rates and margins. Other risks include legal, security breaches, and macro. Page 186 December 18, 2013

186 BMO Capital Markets Symantec Financial Models Exhibit 4. Income Statement Symantec Income Statement FY2012 FY2013 FY2013 FY2014E FY2014E FY2015E ($ in millions except per share) FY2012 Q1-Jun-12 Q2-Sept-12 Q3-Dec-12 Q4-Mar-13 FY2013 Q1-Jun-13 Q2-Sept-13 Q3-Dec-13E Q4-Mar-14E FY2014E FY2015E REVENUE BY SEGMENT User Productivity & Protection $ 2,974 $ 737 $ 743 $ 749 $ 747 $ 2,976 $ 732 $ 719 $ 704 $ 710 $ 2,865 $ 2,900 Information Security $ 1,198 $ 314 $ 324 $ 337 $ 326 $ 1,301 $ 336 $ 316 $ 320 $ 313 $ 1,285 $ 1,310 Information Management $ 2,558 $ 617 $ 632 $ 705 $ 675 $ 2,629 $ 641 $ 602 $ 635 $ 621 $ 2,499 $ 2,504 Total Revenue $ 6,730 $ 1,668 $ 1,699 $ 1,791 $ 1,748 $ 6,906 $ 1,709 $ 1,637 $ 1,659 $ 1,644 $ 6,648 $ 6,714 YoY Growth User Productivity & Protection 5.4% -0.9% -0.5% 0.3% 1.5% 0.1% -0.7% -3.2% -6.0% -5.0% -3.7% 1.2% Information Security 34.6% 14.2% 11.3% 7.0% 2.8% 8.6% 7.0% -2.5% -5.0% -4.0% -1.2% 1.9% Information Management 3.2% -2.7% -1.7% 8.0% 7.5% 2.8% 3.9% -4.7% -10.0% -8.0% -5.0% 0.2% Total 8.7%.9% 1.1% 4.4% 4.0% 2.6% 2.5% (3.6%) (7.4%) (6.0%) (3.7%) 1.0% Non-GAAP Cost of Revenues $ 975 $ 262 $ 261 $ 279 $ 289 $ 1,091 $ 281 $ 267 $ 274 $ 271 $ 1,093 $ 1,108 Non-GAAP Gross Profit $ 5,755 $ 1,406 $ 1,438 $ 1,512 $ 1,459 $ 5,815 $ 1,428 $ 1,370 $ 1,385 $ 1,372 $ 5,555 $ 5,606 Non-GAAP Operating Expenses Sales & Marketing $ 2,744 $ 633 $ 642 $ 712 $ 681 $ 2,668 $ 637 $ 577 $ 595 $ 571 $ 2,380 $ 2,235 R&D $ 920 $ 238 $ 234 $ 236 $ 254 $ 962 $ 248 $ 236 $ 250 $ 265 $ 999 $ 1,075 General & Administrative $ 394 $ 100 $ 95 $ 106 $ 107 $ 408 $ 111 $ 106 $ 110 $ 111 $ 438 $ 400 Total Non-GAAP Operating Expenses $ 4,058 $ 971 $ 971 $ 1,054 $ 1,042 $ 4,038 $ 996 $ 919 $ 955 $ 947 $ 3,817 $ 3,710 Non-GAAP Operating Income $ 1,697 $ 435 $ 467 $ 458 $ 417 $ 1,777 $ (+) Depreciation $ 255 $ 64 $ 71 $ 72 $ $ $ $ $ 430 $ 426 $ 1,739 $ 1,896 $ $ 72 $ 72 $ 283 $ 292 Non-GAAP EBITDA $ 1,952 $ 499 $ 538 $ 530 $ 487 $ 2,054 $ 502 $ 520 $ 502 $ 498 $ 2,022 $ 2,188 Interest income $ 13 $ 3 $ 2 $ 4 $ 3 $ 12 $ 3 $ 3 $ 3 $ 3 $ 11 $ 10 Interest expense $ (59) $ (16) $ (20) $ (23) $ (22) $ (81) $ (20) $ (19) $ (19) $ (19) $ (77) $ (76) Other income (expense), net $ (5) $ 1 $ 1 $ 4 $ 10 $ 16 $ 2 $ 3 $ - $ - $ 5 $ - Non-GAAP Earnings Bef.Taxes $ 1,646 $ 423 $ 450 $ 443 $ 408 $ 1,724 $ 417 $ 438 $ 413 $ 409 $ 1,678 $ 1,830 Provision for Income Taxes $ 422 $ 114 $ 128 $ 130 $ 94 $ 466 $ 109 $ 83 $ 116 $ 115 $ 422 $ 512 Non-GAAP Tax Rate 25.6% 27.0% 28.4% 29.3% 23.1% 27.0% 26.1% 18.9% 28.0% 28.0% 25.2% 28.0% Loss from JV $ 24 $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - Non-GAAP Net Income (1) $ 1,200 $ 309 $ 322 $ 313 $ 314 $ 1,258 $ 308 $ 355 $ 298 $ 295 $ 1,255 $ 1,317 Non-GAAP EPS $ 1.60 $ 0.43 $ 0.45 $ 0.45 $ 0.44 $ 1.77 $ 0.44 $ 0.50 $ 0.42 $ 0.42 $ 1.78 $ 1.87 Avg. Diluted Shares Outstanding (1) Non-GAAP excludes: amortization, restructuring, impairments, settlements, and stock-based comp. Expense Analysis: Cost of Revenues 14.5% 15.7% 15.4% 15.6% 16.5% 15.8% 16.4% 16.3% 16.5% 16.5% 16.4% 16.5% Sales & Marketing 40.8% 37.9% 37.8% 39.8% 39.0% 38.6% 37.3% 35.2% 35.9% 34.7% 35.8% 33.3% R&D 13.7% 14.3% 13.8% 13.2% 14.5% 13.9% 14.5% 14.4% 15.1% 16.1% 15.0% 16.0% General & Administrative 5.9% 6.0% 5.6% 5.9% 6.1% 5.9% 6.5% 6.5% 6.6% 6.8% 6.6% 6.0% Margin Analysis: Non-GAAP Gross Margin 85.5% 84.3% 84.6% 84.4% 83.5% 84.2% 83.6% 83.7% 83.5% 83.5% 83.6% 83.5% Non-GAAP Operating Margin 25.2% 26.1% 27.5% 25.6% 23.9% 25.7% 25.3% 27.6% 25.9% 25.9% 26.2% 28.2% EBITDA Margin 29.0% 29.9% 31.7% 29.6% 27.9% 29.7% 29.4% 31.8% 30.2% 30.3% 30.4% 32.6% Non-GAAP Tax Rate 25.6% 27.0% 28.4% 29.3% 23.1% 27.0% 26.1% 18.9% 28.0% 28.0% 25.2% 28.0% Non-GAAP Net Margin 17.8% 18.5% 19.0% 17.5% 17.9% 18.2% 18.0% 21.7% 17.9% 17.9% 18.9% 19.6% Year-Over-Year Growth: Total Revenue 8.7%.9% 1.1% 4.4% 4.0% 2.6% 2.5% (3.6%) (7.4%) (6.0%) (3.7%) 1.0% Gross Profit 9.0% (1.1%) (.3%) 2.9% 2.6% 1.0% 1.6% (4.7%) (8.4%) (5.9%) (4.5%).9% Operating expenses 8.3% (.4%) (4.1%) 3.2% (.7%) (.5%) 2.6% (5.4%) (9.4%) (9.2%) (5.5%) (2.8%) Non-GAAP Operating Income 10.6% (2.5%) 8.9% 2.0% 11.8% 4.7% (.7%) (3.4%) (6.2%) 2.1% (2.2%) 9.0% Non-GAAP Net Income 7.4%.3% 9.2% (.3%) 11.0% 4.8% (.3%) 10.2% (4.9%) (6.0%) (.2%) 4.9% Non-GAAP EPS 12.8% 6.6% 15.8% 5.1% 14.4% 10.3% 1.5% 10.4% (5.6%) (4.9%).4% 5.2% Source: BMO Capital Markets Research, company documents. Page 187 December 18, 2013

187 BMO Capital Markets Symantec Exhibit 5. Balance Sheet FY2012 FY2013 FY2014E FY2015E ($ in millions) Q4-Mar-12 Q1-Jun-12 Q2-Sept-12 Q3-Dec-12 Q4-Mar-13 Q1-Jun-13 Q2-Sept-13 Q3-Dec-13E Q4-Mar-14E Q4-Mar-15E Assets Cash and Cash Equivalents $ 3,211 $ 4,082 $ 4,002 $ 4,200 $ 4,685 $ 3,749 $ 3,727 $ 3,629 $ 3,837 $ 3,937 Short-term investments $ 29 $ 5 $ 52 $ 62 $ 34 $ 105 Accounts Receivable, net $ 940 $ 627 $ 735 $ 1,081 $ 1,031 $ 744 $ 573 $ 781 $ 817 $ 829 Inventories $ 28 $ 27 $ 23 $ 20 $ 24 $ 17 $ 16 $ 16 $ 16 $ 16 Deferred Income Taxes $ 205 $ 192 $ 197 $ 193 $ 198 $ 172 $ 174 $ 174 $ 174 $ 174 Other Current Assets $ 249 $ 262 $ 244 $ 270 $ 315 $ 463 $ 375 $ 375 $ 375 $ 375 Total Current Assets $ 4,633 $ 5,219 $ 5,206 $ 5,816 $ 6,315 $ 5,179 $ 4,970 $ 4,976 $ 5,219 $ 5,332 PP&E, net $ 1,100 $ 1,106 $ 1,114 $ 1,130 $ 1,122 $ 1,102 $ 1,091 $ 1,139 $ 1,187 $ 1,275 Acquired Product Rigths, net Intangible Asssets,net $ 1,337 $ 1,244 $ 1,155 $ 1,065 $ 977 $ 890 $ 852 $ 852 $ 852 $ 852 Goodwill $ 5,826 $ 5,842 $ 5,842 $ 5,843 $ 5,841 $ 5,841 $ 5,859 $ 5,859 $ 5,859 $ 5,859 Investment in Joint Venture $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - Long-term Deferred Income Taxes $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - Other long-term assets $ 124 $ 145 $ 146 $ 108 $ 124 $ 139 $ 142 $ 142 $ 142 $ 142 Total Assets $ 13,020 $ 13,556 $ 13,463 $ 13,962 $ 14,379 $ 13,151 $ 12,914 $ 12,968 $ 13,259 $ 13,460 Liabilities Accounts Payable $ 324 $ 326 $ 278 $ 317 $ 334 $ 274 $ 249 $ 252 $ 297 $ 290 Accrued Compensation and Benefits $ 416 $ 286 $ 308 $ 454 $ 422 $ 321 $ 312 $ 316 $ 313 $ 338 Current Deferred Revenue $ 3,444 $ 3,236 $ 3,118 $ 3,298 $ 3,496 $ 3,292 $ 3,003 $ 2,939 $ 3,052 $ 2,691 Income Taxes Payable $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - Short-term borrowing $ - $ 955 $ 968 $ 982 $ 997 $ - $ - $ - $ - Other current liabilities $ 321 $ 311 $ 336 $ 431 $ 313 $ 318 $ 343 $ 343 $ 343 $ 343 Total Current Liabilities $ 4,505 $ 5,114 $ 5,008 $ 5,482 $ 5,562 $ 4,205 $ 3,907 $ 3,850 $ 4,005 $ 3,662 Long-term debt $ 2,039 $ 2,093 $ 2,093 $ 2,094 $ 2,094 $ 2,094 $ 2,094 $ 2,094 $ 2,094 $ 2,094 Long-term Deferred Revenue $ 529 $ 509 $ 501 $ 508 $ 521 $ 520 $ 498 $ 487 $ 506 $ 446 Long-term Deferred Tax Liabilities $ 288 $ 287 $ 312 $ 321 $ 403 $ 443 $ 474 $ 474 $ 474 $ 474 Long-term Income Tax Payable $ 393 $ 387 $ 371 $ 341 $ 318 $ 327 $ 222 $ 222 $ 222 $ 222 Other long-term liabilities $ 94 $ 84 $ 75 $ 60 $ 60 $ 65 $ 62 $ 62 $ 62 $ 62 Total Liabilities $ 7,848 # $ 8,474 $ 8,360 $ 8,806 $ 8,958 # $ 7,654 $ 7,257 $ 7,190 $ 7,363 # $ 6,960 Stockholders' Equity $ 5,172 $ 5,002 $ 5,088 $ 5,156 $ 5,421 $ 5,497 $ 5,657 $ 5,778 $ 5,896 $ 6,500 Non-controlling interest in subsidiary $ - $ 80 $ 15 $ - $ - $ - $ - $ - Total Liabilities + Stockholder's Equity $ 13,020 $ 13,556 $ 13,463 $ 13,962 $ 14,379 $ 13,151 $ 12,914 $ 12,968 $ 13,259 $ 13,460 % Change Y/Y Cash and Cash Equivalents 8.6% 79.0% 77.9% 78.7% 47.8% (8.0%) (4.4%) (14.6%) (19.2%) 2.6% Receivables (7.2%) (7.1%) 5.9% 7.1% 9.7% 18.7% (22.0%) (27.7%) (20.8%) 1.5% Deferred Revenue 4.0% 1.5% 4.8% 3.8% 1.1% 1.8% (3.3%) (10.0%) (11.4%) (11.8%) Balance Sheet Summary Current Ratio Book Value Per Share $7.03 $6.95 $7.19 $7.34 $7.59 $7.78 $8.00 $8.18 $8.35 $9.22 Cash Per Share $4.36 $5.71 $5.66 $6.06 $6.65 $5.35 $5.42 $5.14 $5.43 $5.58 Net Cash Per Share $1.59 $2.80 $2.70 $3.07 $3.72 $2.39 $2.46 $2.17 $2.47 $2.61 Return On Equity 25.2% 24.7% 24.6% 24.0% 24.3% 23.8% 23.7% 22.8% 22.0% 21.1% Return on Assets 9.8% 9.5% 9.4% 9.1% 9.1% 9.1% 9.5% 9.5% 9.6% 10.0% Working Capital, net $228.0 $42.0 $172.0 $330.0 $299.0 $166.0 $28.0 $228.6 $222.5 $217.5 Total Debt to Capitalization 0.0% 16.0% 16.0% 16.0% 15.5% 0.0% 0.0% 0.0% 0.0% 0.0% Avg. Diluted Shares Outstanding Model Assumptions DSO (excluding deferred revenue) DSO (billings) Accounts Payable Days (off COGS) Accrued Expenses (as % of Sales) 25% 17% 18% 25% 24% 19% 19% 19% 19% 20% Source: BMO Capital Markets Research, company documents. Page 188 December 18, 2013

188 BMO Capital Markets Symantec Exhibit 6.Cash Flow Statement FY2012 FY2013 FY2013 FY2014E FY2014E FY2015E ($ in millions) FY2012 Q1-Jun-12 Q2-Sept-12 Q3-Dec-12 Q4-Mar-13 FY2013 Q1-Jun-13 Q2-Sept-13 Q3-Dec-13E Q4-Mar-14E FY2014E FY2015E Operating Activities non-gaap non-gaap non-gaap non-gaap Net income $ 1,153 $ 172 $ 193 $ 212 $ 188 $ 765 $ 157 $ 241 $ 298 $ 295 $ 990 $ 1,317 Depreciation $ 255 $ 64 $ 71 $ 72 $ 70 $ 277 $ 70 $ 69 $ 72 $ 72 $ 283 $ 292 Amortization $ 401 $ 98 $ 91 $ 87 $ 87 $ 363 $ 86 $ 42 $ 128 $ - Amortization of discount on senior convertrible notes $ 56 $ 13 $ 14 $ 15 $ 16 $ 58 $ 5 $ - $ 5 $ - Stock-based comp $ 164 $ 38 $ 45 $ 42 $ 39 $ 164 $ 39 $ 38 $ 77 $ - Impairment of assets $ 19 $ - $ - $ - $ - Impairment of equity investments $ - $ - $ - $ - $ - Deferred income taxes $ 15 $ 3 $ 12 $ 11 $ 18 $ 44 $ 31 $ 20 $ 45 $ 45 $ 141 $ 146 Income tax benefit from stock options $ - $ - $ - $ - $ - Excess income tax benefit from stock options $ (8) $ - $ (1) $ (1) $ (2) $ (9) $ (4) $ (13) $ - Loss on sale of assets $ - $ - $ - $ (16) $ (16) $ (32) $ - Gain on settlement of litigation $ - $ - $ - $ - $ - Loss from JV $ (499) $ - $ - $ - $ - Realized and other than temporary impairment loss on inv $ - $ - $ - $ - $ - Impairment of goodwill $ - $ - $ - $ - $ - Impairment of other intangible assets $ 4 $ - $ - $ - $ - Other/severance $ 2 $ 6 $ 2 $ (11) $ 10 $ 7 $ 10 $ 1 $ (7) $ (6) $ (3) $ - Net change in assets and liabilitites, excl. acquisitions $ - $ - $ - $ - Accounts receivable, net $ 89 $ 307 $ (104) $ (347) $ 37 $ (107) $ 285 $ 180 $ (208) $ (36) $ 221 $ (12) Inventories $ 2 $ 1 $ 4 $ 4 $ (5) $ 4 $ 6 $ 2 $ 8 $ - Accounts payable $ 30 $ - $ (34) $ 26 $ 41 $ 33 $ (64) $ (28) $ 3 $ 45 $ (44) $ (7) Accrued compensation and benefits $ (31) $ (125) $ 18 $ 147 $ (28) $ 12 $ (102) $ 12 $ 4 $ (3) $ (89) $ 25 Deferred revenue $ 177 $ (187) $ (152) $ 189 $ 269 $ 119 $ (199) $ (357) $ (75) $ 131 $ (499) $ (421) Income taxes payable $ 39 $ 20 $ 22 $ (3) $ (70) $ (31) $ (9) $ (63) $ (72) $ - Other assets $ (14) $ (27) $ 3 $ (21) $ (23) $ (68) $ 1 $ 30 $ 31 $ - Other liabilities $ 47 $ (43) $ (6) $ 41 $ (37) $ (45) $ 21 $ 24 $ 45 $ - Net Cash from Operations $ 1,901 $ 340 $ 178 $ 463 $ 612 $ 1,593 $ 312 $ 191 $ 132 $ 543 $ 1,178 $ 1,340 Investing Activities Capital Expenditures $ (286) $ (79) $ (89) $ (77) $ (91) $ (336) $ (61) $ (57) $ (120) $ (120) $ (358) $ (380) Proceeds from sale of PPE $ - $ - $ - $ - Purchase of intangible assets $ - $ - $ - $ - Cash payments for acquistions, net of cash acquired $ (518) $ (28) $ 24 $ (4) $ (17) $ (17) $ - Investment in JV $ 530 $ - $ - $ - Purchases of available-for-sale securities $ (47) $ 22 $ 22 $ (102) $ (102) $ - Proceeds from sales of available-for-sale securities $ 3 $ 2 $ 1 $ (4) $ (1) $ 32 $ 35 $ 67 $ - Net Cash from Investing $ (318) $ (83) $ (65) $ (76) $ (95) $ (319) $ (29) $ (141) $ (120) $ (120) $ (410) $ (380) Financing Activities Sale of common stock warrants Repurchase of common stock $ (893) $ (301) $ (200) $ (200) $ (125) $ (826) $ (125) $ (125) $ (110) $ (110) $ (470) $ (440) Dividend $ (105) $ (105) $ (105) $ (105) $ (420) $ (420) Net proceeds from sales of ESOP common stock $ 147 $ 4 $ 71 $ 25 $ 181 $ 281 $ 54 $ 106 $ 160 $ - Proceeds from converts $ - $ - $ - $ - Purchase of bond hedge $ - $ (19) $ (19) $ 189 $ 189 $ - Proceeds from ST borrowing $ - $ 996 $ 996 $ - $ - Repayment of ST borrowing $ (600) $ - $ - $ - Excess income tax benefit from stock options $ 7 $ 1 $ 1 $ 9 $ 11 $ 9 $ 4 $ 13 $ - Repayment of other LT liability $ (1) $ (92) $ (92) $ (1,189) $ (1,189) $ - Tax payments related to RSU issuance $ (46) $ (14) $ (4) $ (3) $ (22) $ (43) $ (25) $ (5) $ (30) $ - Net Cash from Financings $ (1,386) $ 685 $ (224) $ (177) $ 24 $ 308 $ (1,192) $ (125) $ (215) $ (215) $ (1,747) $ (860) Foreign Currency Impact $ 15 $ (22) $ (80) $ (12) $ (56) (170) $ $ (27) 53 $ $ 26 - Net Increase / Decrease in Cash $ 212 $ 920 $ (191) $ 198 $ 485 $ 1,412 $ (936) $ (22) $ (203) $ 208 $ (953) $ 100 $ FCFE $ 1,615 $ 261 $ 89 $ 386 $ 521 $ 1,257 $ 251 $ 134 $ 12 $ 423 $ 820 $ 960 y-o-y 6% -42% -62% 18% -13% -22% -4% 51% -97% -19% -35% 17% FCFF $ 1,650 $ 270 $ 102 $ 399 $ 536 $ 1,308 $ 264 $ 147 $ 24 $ 435 $ 870 $ 1,008 y-o-y 6% -41% -58% 18% -12% -21% -3% 44% -94% -19% -33% 16% FCFF/Share $2.21 $0.38 $0.14 $0.57 $0.75 $1.84 $0.37 $0.21 $0.03 $0.62 $1.23 $1.43 Source: BMO Capital Markets Research, company documents. Page 189 December 18, 2013

189 BMO Capital Markets Barracuda (CUDA) Quarterly Price (US$) 26 Share Price(US$) CUDA Relative to S&P 500 CUDA Relative to Software CUDA Relative to S&P 500 CUDA Relative to Software Revenue / Share - (US$) Price / Revenue 2 2 CUDA Relative to S&P 500 Y/Y (%) CUDA Relative to Software Y/Y (%) EPS (4 Qtr Trailing) - (US$) Price / Earnings FYE EPS P/E DPS Yield% Payout BV P/B ROE (Dec.) US$ Hi - Lo US$ Hi - Lo % US$ Hi - Lo % CUDA - Rating as of 6-Dec-13 = NR Range*: na na NC >15 >15 Current* ND na na NA NA na * Current EPS is the 4 Quarter Trailing to Q3/2013. * Valuation metrics are based on high and low for the fiscal year. * Range indicates the valuation range for the period presented above. Last Price ( December 12, 2013): $24.18 Sources: IHS Global Insight, Thomson Reuters, BMO Capital Markets. A member of BMO Financial Group 190 December 18, 2013

190 BMO Capital Markets Check Point Software (CHKP) Quarterly Price (US$) 70 Target Price(US$) Share Price(US$) ) Mkt 2) NR ) Mkt CHKP Relative to S&P 500 CHKP Relative to Software 140 CHKP Relative to S&P 500 CHKP Relative to Software Revenue / Share - (US$) Price / Revenue CHKP Relative to S&P 500 Y/Y (%) CHKP Relative to Software Y/Y (%) EPS (4 Qtr Trailing) - (US$) Price / Earnings FYE EPS P/E DPS Yield% Payout BV P/B ROE (Dec.) US$ Hi - Lo US$ Hi - Lo % US$ Hi - Lo % > > > > > > NA na Range*: > > Current* CHKP - Rating as of 4-Jan-11 = NR Date Rating Change Share Price 1 28-Nov-12 NR to Mkt $ Sep-13 Mkt to NR $ Dec-13 NR to Mkt $60.59 Growth(%): 5 Year: 13.9 nm Year: 13.3 nm 14.0 * Current EPS is the 4 Quarter Trailing to Q3/2013. * Valuation metrics are based on high and low for the fiscal year. * Range indicates the valuation range for the period presented above. Last Price ( December 16, 2013): $60.98 Sources: IHS Global Insight, Thomson Reuters, BMO Capital Markets. A member of BMO Financial Group 191 December 18, 2013

191 BMO Capital Markets Imperva (IMPV) Quarterly Price (US$) 55 Target Price(US$) Share Price(US$) ) OP IMPV Relative to S&P 500 IMPV Relative to Software IMPV Relative to S&P 500 IMPV Relative to Software Revenue / Share - (US$) Price / Revenue 10 BMO 2013FY EPS ( Nov 13 = NA US$) First Call 2013FY Cons.EPS ( Nov 13 = US$) EPS (4 Qtr Trailing) - (US$) Price / Earnings BMO 2014FY EPS ( Nov 13 = NA US$) First Call 2014FY Cons.EPS ( Nov 13 = 0.12 US$) FYE EPS P/E DPS Yield% Payout BV P/B ROE (Dec.) US$ Hi - Lo US$ Hi - Lo % US$ Hi - Lo % na na Range*: na na Current* na na IMPV - Rating as of 8-Nov-11 = NR Date Rating Change Share Price 1 13-Dec-13 NR to OP $42.72 * Current EPS is the 4 Quarter Trailing to Q3/2013. * Valuation metrics are based on high and low for the fiscal year. * Range indicates the valuation range for the period presented above. Last Price ( December 16, 2013): $42.73 Sources: IHS Global Insight, Thomson Reuters, BMO Capital Markets. A member of BMO Financial Group 192 December 18, 2013

192 BMO Capital Markets Qualys (QLYS) 24 Quarterly Price (US$) Target Price(US$) Share Price(US$) ) Mkt QLYS Relative to S&P 500 QLYS Relative to Software 160 QLYS Relative to S&P 500 QLYS Relative to Software Revenue / Share - (US$) Price / Revenue 2 BMO 2013FY EPS ( Nov 13 = NA US$) First Call 2013FY Cons.EPS ( Nov 13 = 0.20 US$) EPS (4 Qtr Trailing) - (US$) Price / Earnings BMO 2014FY EPS ( Nov 13 = NA US$) First Call 2014FY Cons.EPS ( Nov 13 = 0.29 US$) FYE EPS P/E DPS Yield% Payout BV P/B ROE (Dec.) US$ Hi - Lo US$ Hi - Lo % US$ Hi - Lo % Range*: na na NC >15 >15 Current* QLYS - Rating as of 27-Sep-12 = NR Date Rating Change Share Price 1 13-Dec-13 NR to Mkt $22.37 * Current EPS is the 4 Quarter Trailing to Q3/2013. * Valuation metrics are based on high and low for the fiscal year. * Range indicates the valuation range for the period presented above. Last Price ( December 16, 2013): $23.22 Sources: IHS Global Insight, Thomson Reuters, BMO Capital Markets. A member of BMO Financial Group 193 December 18, 2013

193 BMO Capital Markets Symantec Corporation (SYMC) Quarterly Price (US$) 28 Share Price(US$) SYMC Relative to S&P 500 SYMC Relative to Software SYMC Relative to S&P 500 SYMC Relative to Software Revenue / Share - (US$) Price / Revenue BMO 2014FY EPS ( Nov 13 = NA US$) First Call 2014FY Cons.EPS ( Nov 13 = 1.78 US$) EPS (4 Qtr Trailing) - (US$) Price / Earnings BMO 2015FY EPS ( Nov 13 = NA US$) First Call 2015FY Cons.EPS ( Nov 13 = 1.91 US$) FYE EPS P/E DPS Yield% Payout BV P/B ROE (Dec.) US$ Hi - Lo US$ Hi - Lo % US$ Hi - Lo % 1992 ND > > ND >100 > na 1994 ND na 1995 ND na na na 1996 ND na 1997 ND na 1998 ND na 1999 ND na 2000 ND na 2001 ND na 2002 ND na 2003 ND na 2004 ND na 2005 ND na 2006 ND na 2007 ND na 2008 ND na 2009 ND na 2010 ND na 2011 ND na 2012 ND na Range*: > > Current* NA NA na SYMC - Rating as of 6-Dec-13 = NR Growth(%): 5 Year: 1.7 nm nm 10 Year: 12.7 nm nm 20 Year: nm nm nm * Current EPS is the 4 Quarter Trailing to Q3/2013. * Valuation metrics are based on high and low for the fiscal year. * Range indicates the valuation range for the period presented above. Last Price ( December 10, 2013): $22.44 Sources: IHS Global Insight, Thomson Reuters, BMO Capital Markets. A member of BMO Financial Group 194 December 18, 2013

194 BMO Capital Markets IMPORTANT DISCLOSURES Analyst's Certification I, Joel P. Fishbein, Jr, hereby certify that the views expressed in this report accurately reflect my personal views about the subject securities or issuers. I also certify that no part of my compensation was, is, or will be, directly or indirectly, related to the specific recommendations or views expressed in this report. Analysts who prepared this report are compensated based upon (among other factors) the overall profitability of BMO Capital Markets and their affiliates, which includes the overall profitability of investment banking services. Compensation for research is based on effectiveness in generating new ideas and in communication of ideas to clients, performance of recommendations, accuracy of earnings estimates, and service to clients. Analysts employed by BMO Nesbitt Burns Inc. and/or BMO Capital Markets Ltd. are not registered as research analysts with FINRA. These analysts may not be associated persons of BMO Capital Markets Corp. and therefore may not be subject to the NASD Rule 2711 and NYSE Rule 472 restrictions on communications with a subject company, public appearances, and trading securities held by a research analyst account. Company specific disclosures - CUDA: Methodology and Risks to Price Target/Valuation Methodology: Our price target is based on an assumed 5x-6x EV/Sales multiple on our out-year estimates. Risks: Risks to our target include overly optimistic revenue expectations, lack of adoption of new products, and muted margin expansion. Company specific disclosures - CHKP: Disclosure 9: BMO Capital Markets makes a market in this security. Methodology and Risks to Our Price Target Methodology: Our price target is based on an assumed 17-18x P/E multiple on our out-year estimates. Risks: Risks to our target include an unanticipated decline in IT spending, lack of blade adoption, and overly optimistic market opportunity expectations. Company specific disclosures - IMPV: Methodology and Risks to Price Target/Valuation Methodology: Our price target is based on an assumed 5-6x EV/Sales multiple on our out year estimates. Risks: Risks to our target include overly optimistic revenue expectations, lack of adoption of new products, and muted margin expansion. Company specific disclosures - QLYS: Methodology and Risks to Price Target/Valuation Methodology: Our price target is based on an assumed 5-6x EV/Sales multiple on our out year estimates. Risks: Risks to our target include overly optimistic revenue expectations, lack of adoption of new products, and muted margin expansion. Company specific disclosures for SYMC: 9 - BMO Capital Markets makes a market in this security. Methodology and Risks to Price Target/Valuation Methodology: Our price target is based on 13x our 2015 EPS estimate. Risks: Risks include unanticipated drop in IT spending, failure to reinvigorate product line, lack of traction with Go to Market changes. Distribution of Ratings (September 30, 2013) Rating Category BMO Rating BMOCM US Universe* BMOCM US IB Clients** BMOCM US IB Clients*** BMOCM Universe**** BMOCM IB Clients***** Starmine Universe Buy Outperform 35.8% 20.3% 47.8% 36.7% 48.3% 52.6% Hold Market Perform 59.4% 13.1% 51.1% 56.9% 50.2% 41.7% Sell Underperform 4.9% 3.4% 1.1% 6.4% 1.5% 5.6% * Reflects rating distribution of all companies covered by BMO Capital Markets Corp. equity research analysts. ** Reflects rating distribution of all companies from which BMO Capital Markets Corp. has received compensation for Investment Banking services as percentage within ratings category. *** Reflects rating distribution of all companies from which BMO Capital Markets Corp. has received compensation for Investment Banking services as percentage of Investment Banking clients. **** Reflects rating distribution of all companies covered by BMO Capital Markets equity research analysts. ***** Reflects rating distribution of all companies from which BMO Capital Markets has received compensation for Investment Banking services as percentage of Investment Banking clients. Rating and Sector Key (as of April 5, 2013) We use the following ratings system definitions: OP = Outperform - Forecast to outperform the analyst s coverage universe on a total return basis; Mkt = Market Perform - Forecast to perform roughly in line with the analyst s coverage universe on a total return basis; Und = Underperform - Forecast to underperform the analyst s coverage universe on a total return basis; (S) = Speculative investment; NR = No rating at this time; and R = Restricted Dissemination of research is currently restricted. A member of BMO Financial Group 195 December 18, 2013

195 BMO Capital Markets BMO Capital Markets' seven Top 15 lists guide investors to our best ideas according to different objectives (CDN Large Cap, CDN Small Cap, US Large Cap, US Small Cap, Income, CDN Quant, and US Quant have replaced the Top Pick rating). Prior BMO Capital Markets Rating System (January 4, 2010 April 4, 2013): Other Important Disclosures For Other Important Disclosures on the stocks discussed in this report, please go to or write to Editorial Department, BMO Capital Markets, 3 Times Square, New York, NY or Editorial Department, BMO Capital Markets, 1 First Canadian Place, Toronto, Ontario, M5X 1H3. Dissemination of Research BMO Capital Markets Equity Research is available via our website Institutional clients may also receive our research via Thomson Reuters, Bloomberg, FactSet, and Capital IQ. Research reports and other commentary are required to be simultaneously disseminated internally and externally to our clients. Conflict Statement A general description of how BMO Financial Group identifies and manages conflicts of interest is contained in our public facing policy for managing conflicts of interest in connection with investment research, which is available at General Disclaimer BMO Capital Markets is a trade name used by the BMO Investment Banking Group, which includes the wholesale arm of Bank of Montreal and its subsidiaries BMO Nesbitt Burns Inc., BMO Capital Markets Ltd. in the U.K. and BMO Capital Markets Corp. in the U.S. BMO Nesbitt Burns Inc., BMO Capital Markets Ltd. and BMO Capital Markets Corp are affiliates. Bank of Montreal or its subsidiaries ( BMO Financial Group ) has lending arrangements with, or provide other remunerated services to, many issuers covered by BMO Capital Markets. The opinions, estimates and projections contained in this report are those of BMO Capital Markets as of the date of this report and are subject to change without notice. BMO Capital Markets endeavours to ensure that the contents have been compiled or derived from sources that we believe are reliable and contain information and opinions that are accurate and complete. However, BMO Capital Markets makes no representation or warranty, express or implied, in respect thereof, takes no responsibility for any errors and omissions contained herein and accepts no liability whatsoever for any loss arising from any use of, or reliance on, this report or its contents. Information may be available to BMO Capital Markets or its affiliates that is not reflected in this report. The information in this report is not intended to be used as the primary basis of investment decisions, and because of individual client objectives, should not be construed as advice designed to meet the particular investment needs of any investor. This material is for information purposes only and is not an offer to sell or the solicitation of an offer to buy any security. BMO Capital Markets or its affiliates will buy from or sell to customers the securities of issuers mentioned in this report on a principal basis. BMO Capital Markets or its affiliates, officers, directors or employees have a long or short position in many of the securities discussed herein, related securities or in options, futures or other derivative instruments based thereon. The reader should assume that BMO Capital Markets or its affiliates may have a conflict of interest and should not rely solely on this report in evaluating whether or not to buy or sell securities of issuers discussed herein. Additional Matters To Canadian Residents: BMO Nesbitt Burns Inc., furnishes this report to Canadian residents and accepts responsibility for the contents herein subject to the terms set out above. Any Canadian person wishing to effect transactions in any of the securities included in this report should do so through BMO Nesbitt Burns Inc. The following applies if this research was prepared in whole or in part by Andrew Breichmanas, Tony Robson, or Edward Sterck: This research is not prepared subject to Canadian disclosure requirements. This research is prepared by BMO Capital Markets Limited and subject to the regulations of the Financial Conduct Authority (FCA) in the United Kingdom. FCA regulations require that a firm providing research disclose its ownership interest in the issuer that is the subject of the research if it and its affiliates own 5% or more of the equity of the issuer. Canadian regulations require that a firm providing research disclose its ownership interest in the issuer that is the subject of the research if it and its affiliates own 1% or more of the equity of the issuer that is the subject of the research. Therefore BMO Capital Markets Limited will only disclose its and its affiliates ownership interest in the subject issuer if such ownership exceeds 5% of the equity of the issuer. To U.S. Residents: BMO Capital Markets Corp., furnishes this report to U.S. residents and accepts responsibility for the contents herein, except to the extent that it refers to securities of Bank of Montreal. Any U.S. person wishing to effect transactions in any security discussed herein should do so through BMO Capital Markets Corp. To U.K. Residents: In the UK this document is published by BMO Capital Markets Limited which is authorised and regulated by the Financial Conduct Authority. The contents hereof are intended solely for the use of, and may only be issued or passed on to, (I) persons who have professional experience in matters relating to investments falling within Article 19(5) of the Financial Services and Markets Act 2000 (Financial Promotion) Order 2005 (the Order ) or (II) high net worth entities falling within Article 49(2)(a) to (d) of the Order (all such persons together referred to as relevant persons ). The contents hereof are not intended for the use of and may not be issued or passed on to, retail clients. A member of BMO Financial Group 196 December 18, 2013

196 BMO Capital Markets ADDITIONAL INFORMATION IS AVAILABLE UPON REQUEST BMO Financial Group (NYSE, TSX: BMO) is an integrated financial services provider offering a range of retail banking, wealth management, and investment and corporate banking products. BMO serves Canadian retail clients through BMO Bank of Montreal and BMO Nesbitt Burns. In the United States, personal and commercial banking clients are served by BMO Harris Bank N.A., (Member FDIC). Investment and corporate banking services are provided in Canada and the US through BMO Capital Markets. BMO Capital Markets is a trade name used by BMO Financial Group for the wholesale banking businesses of Bank of Montreal, BMO Harris Bank N.A, (Member FDIC), BMO Ireland Plc, and Bank of Montreal (China) Co. Ltd. and the institutional broker dealer businesses of BMO Capital Markets Corp. (Member SIPC), and BMO Capital Markets GKST Inc. (Member SIPC) in the U.S., BMO Nesbitt Burns Inc. (Member Canadian Investor Protection Fund) in Canada, Europe and Asia, BMO Capital Markets Limited in Europe and Australia and BMO Advisors Private Limited in India. Nesbitt Burns is a registered trademark of BMO Nesbitt Burns Corporation Limited, used under license. BMO Capital Markets is a trademark of Bank of Montreal, used under license. "BMO (M-Bar roundel symbol)" is a registered trademark of Bank of Montreal, used under license. Registered trademark of Bank of Montreal in the United States, Canada and elsewhere. TM Trademark Bank of Montreal COPYRIGHT 2013 BMO CAPITAL MARKETS CORP. A member of BMO Financial Group A member of BMO Financial Group 197 December 18, 2013

197 BMO Capital Markets NOTES A member of BMO Financial Group 198 December 18, 2013

198 Equity Research Global Head of Research Ian de Verteuil Director of Canadian Equity Research Paul Campbell Director of US Equity Research Christine Farkas, CFA Financials Canadian Banks John Reucassel, CFA US Banks Lana Chan Peter Winter Insurance Tom MacKinnon, FSA, FCIA Insurance/Non-Life Charles J. Sebaski Diversified Financials John Reucassel, CFA Atul Shah David J. Chiaverini, CFA Trading Venues/Exchanges Jillian Miller Real Estate Investment Trusts Heather C. Kirk, CFA Troy MacLean, CFA Paul E. Adornato, CFA Richard C. Anderson Mark Lutenski Consumer Retail - Broadlines/Hardlines Wayne Hood Retail - Apparel & Specialty John D. Morris Staples/Discretionary Peter Sklar, CPA, CA Food Retail Kelly Bania Food & Ag Products Kenneth B. Zaslow, CFA Food & Beverage Amit Sharma, CFA Restaurants Phillip Juhan, CFA Household & Personal Care Products Connie M. Maneaty Toys & Leisure Gerrick L. Johnson Auto Parts Peter Sklar, CPA, CA Services - Education Jeffrey M. Silber Lodging Mark Lutenski Special Situations Stephen MacLeod, CFA Materials Base Metals & Mining Tony Robson +44 (0) Meredith Bandy, CFA Aleksandra Bukacheva, CFA, MSc Edward Sterck +44 (0) Precious Metals & Minerals David Haughton Andrew Breichmanas, P.Eng. +44 (0) John Hayes, P. Geo Andrew Kaip, P. Geo Brian Quast, P. Eng., JD Commodity Strategy Jessica Fung Paper & Forest Products Stephen Atkinson Fertilizers Joel Jackson, P.Eng., CFA Industrials Transportation & Aerospace Fadi Chamoun, CFA Diversified Industrials Charles D. Brady Bert Powell, CFA Chemicals Alexandra Syrnyk, CFA Machinery Joel Tiss Services - Equipment Distribution & E&C Bert Powell, CFA Services - Business Services Jeffrey M. Silber Tech / media / Telecom Enterprise Hardware & IT Services Keith Bachman, CFA Communications Equipment Tim Long Information Technology Thanos Moschopoulos, CFA Semiconductors Ambrish Srivastava, Ph.D Software Joel P. Fishbein, Jr Telecom/Media/Cable Tim Casey, CFA Telecom Services Kevin Manning Media - Digital Entertainment and Internet ecommerce Edward S. Williams Marketing & Advertising Daniel Salmon Energy & Utilities Senior Oil/Gas Randy Ollenberger Dan McSpirit Gordon Tait, CFA Small/Mid Oil/Gas Jim Byrne, P. Eng., CFA Jared Dziuba, CFA Phillip Jungwirth, CFA Oil & Gas: Services & Equipment Alan Laws, CFA Mike Mazar, CPA, CA, CFA Electric Utilities & Independent Power Michael S. Worms Ben Pham, CFA Pipelines Carl Kirst, CFA Healthcare Biotechnology Jim Birchenough, M.D Medical Technology Joanne K. Wuensch Managed Care/Facilities Jennifer Lynch Pharmaceuticals Alex Arfaei Specialty Pharmaceuticals David Maris Macro Investment Strategy Brian G. Belski Economics Douglas Porter, CFA Michael Gregory, CFA Earl Sweet Quantitative/Technical Mark Steele Ken Hartviksen, CFA Qin Lu Small Caps Willa Hoffmann, CFA First Canadian Place, P.O. Box 150, Toronto, ON M5X 1H Tour McGill College, 1501 McGill College Ave., Suite 2800, Montreal, PQ H3A 3M8 900, 525-8th Avenue S.W., Calgary, AB. T2P 1G1 95 Queen Victoria Street, London, U.K., EC4V 4HG 3 Times Square, 7th Floor, New York, NY Tower Place, 3348 Peachtree Road, NE, Suite 1430, Atlanta, GA High Street, 26th Floor, Boston, MA th Street, Suite 1704S, South Tower, Denver, CO Louisiana Street, Suite 2100, Houston, TX One Market, Spear Tower, Suite 1515, San Francisco, CA S. LaSalle Street, Chicago, IL 60603